Slashdot Mirror

← Back to Stories (view on slashdot.org)

Top 10 Web 2.0 Attack Vectors

Posted by ryuzaki0 on from the danger-2.0 dept.

Fred writes, "HNS is running a story about Web 2.0 and the new attack vectors it opens up. Worms of the Yamanner, Samy, and Spaceflash types are exploiting client-side AJAX frameworks, providing new avenues of attack and compromising confidential information. On the server side, XML-based Web services are providing distributed application access through Web services interfaces and opening up new vulnerabilities in the process." The article is spread over 6 short pages and there is no printer-friendly URL.

2 of 64 comments (clear)

  1. No substance by suv4x4 · · Score: 4, Interesting

    Most of those "attack vectors" boil down to injections and non-validated data, AKA "don't trust the user input". I don't know how they managed to multiply one single flaw into so many "vectors".

    And there's also this "attacking scripts in RSS": what was this supposed to mean? My RSS readers don't execute script in RSS. No examples, no links.

    One more talked about hijacking confidential information from a bank cookie. No example how this is done, just the author assumes we know how to automatically sniff the cookie, and that the bank doesn't use server-side sessions like 99% of them out there, but stores it all in a plain cookie.

    Basically the article is not as fun or informative as the title suggests.

    1. Re:No substance by daviddennis · · Score: 3, Interesting
      Guess what?

      Samy's worm did exactly that.

      Relevent extract from his fascinating account, well worth reading in its entirety:

      9) Finally we can do a POST! However, when we send the post it never actually adds a friend. Why not? Myspace generates a random hash on a pre-POST page (for example, the "Are you sure you want to add this user as a friend" page). If this hash is not passed along with the POST, the POST is not successful. To get around this, we mimic a browser and send a GET to the page right before adding the user, parse the source for the hash, then perform the POST while passing the hash.

      I must say I was quite impressed, not to mention frightened half to death, by what Samy went through to create his worm. It was not a simple task at all. I had thought before that nobody would waste their time doing something like this; I was, of course, wrong.

      The consequence of his story is that I changed my own social networking site to become a lot more secure. I didn't like doing it because I would have preferred to let people do what they want, but that artilce was a real eye opener as to how dangerous that would have been.

      D