Slashdot Mirror


JavaScript Malware Open The Door to the Intranet

An anonymous reader writes "C|Net is reporting that JavaScript malware is opening the door for hackers to attack internal networks. During the Black Hat Briefings conference Jeremiah Grossman (CTO, WhiteHat Security) '...will be showing off how to get the internal IP address, how to scan internal networks, how to fingerprint and how to enter DSL routers ... As we're attacking the intranet using the browser, we're taking complete control over the browser.' According to the article, the presence of cross-site scripting vulnerabilities (XSS) dramatically increases the possible damage that can be caused. The issue is also not which-browser-is-more-secure, as all major browsers are equally at risk. Grossman says 'The users really are at the mercy of the Web sites they visit. Users could turn off JavaScript, which really isn't a solution because so many Web sites rely on it.'"

5 of 169 comments

  1. NoScript by dvice_null · · Score: 5, Informative

    Why can't users just install Firefox and the NoScript extension for it? Then JavaScript will be disabled by default, but the user can whitelist the sites where JavaScript should be enabled. Problem solved.

    1. Re:NoScript by rdwald · · Score: 5, Informative

      In addition to blocking JavaScript on non-whitelisted sites, NoScript also prevents Flash and Java from loading unless you specifically allow them on a case-by-case basis. All of those stupid Flash ads will be gone, but you can still view everything you want to! It's a great extension.

  2. NoScript extension could be a saviour by CdBee · · Score: 4, Informative

    For about a year now I have routinely installed a whitelisting Firefox extension called NoScript.
    It blocks JavaScript per-site until I choose to whitelist the site: Not only do I get a great deal fewer annoyances interrupting my browsing, but it also cuts out a lot of web advertising (the AdBlock extension makes my browser drag when fully loaded with filters).

    --
    I have been a user for about 10 years. This ends Feb 2014. The site's been ruined. I'm off. Dice, FU

  3. Re:Simple fix to an obvious problem by tomjen · · Score: 4, Informative

    It has the IP address of the NAT router - not, not, not the internal IP of the computer making the request through the NAT router.

    --
    Freedom or George Bush