Slashdot Mirror


AJAX May Be Considered Harmful

87C751 writes "Security lists are abuzz about a presentation from the 23C3 conference, which details a fundamental design flaw in Javascript. The technique, called Prototype Hijacking, allows an attacker to redefine any feature of Javascript. The paper is called 'Subverting AJAX' (pdf), and outlines a possible Web Worm that lives in the very fabric of Web 2.0 and could kill the Web as we know it."

19 of 308 comments

  1. first post by Anonymous Coward · · Score: 5, Funny

    So can I hijack slashdot to always get the first post?

  2. Nothing for you to see here. Please move along. by mobby_6kl · · Score: 3, Funny

    Not surprising considering that slashdot is slowly trying to AJAXify itself...

  3. The sky is falling! by udderly · · Score: 2, Funny

    Haven't RTFA yet, but I doubt it will live up to the hype.

    1. Re:The sky is falling! by Tablizer · · Score: 4, Funny

      Haven't RTFA yet, but I doubt it will live up to the hype.

      Which hype, AJAX itself or AJAX ending the world?

      Does Al Gore know anything about this?

  4. Web 2.0.1 by ticklish2day · · Score: 5, Funny

    Patch the hole and release Web 2.0.1. Good thing there's already a Web 3.0 in the works.

    1. Re:Web 2.0.1 by The+Bubble · · Score: 3, Funny

      Not even! Microsoft just released Internet 7.0. All you Mozilla fanboys need to catch up with the times and replace your kiddy 'nix boxes with the new Vista.

      </joke>

  5. Re:notabug by kfg · · Score: 2, Funny

    This paper is absolutely ridiculous, and its author is scaremongering

    He's obviously been watching too much local weather forecasting lately:

    "Scattered showers in the afternoon; Save the women and children!"

    The Society of Hysteria really is getting to be a bit much.

    KFG

  6. Re:notabug by mctk · · Score: 5, Funny

    Society of Hysteria? SOCIETY OF HYSTERIA? aaaaaaaaah! SAVE YOURSELF!

    --
    Paul Grosfield - the quicker picker upper.
  7. Re:FUD? by ednopantz · · Score: 4, Funny

    >(or was it written in FUD?)

    Ok, I propose we create a new programming language called FUD. Variables will be assumed to have their most sinister values and be impossible to verify.

  8. On the next episode of Days of Our Web2.0 Lives... by Chineseyes · · Score: 5, Funny

    A Worm that lives in the very fabric of Web 2.0 and could kill the Web as we know it lurks in the deep dark recesses of the javascript
    Who is this masked man known as the worm?
    Why does he hate Web 2.0 so much?
    Will this worm try to make us revert to Web 1.0?
    And does this worm have anything to do with disappearances of Web 1.1 through Web 1.9?
    This and much much more on the next episode of Days of our Web 2.0 Lives

    --
    I think the invisible hand of the market has its middle finger extended

    --A wise old fart named SC0RN
  9. Re:FUD? by monoqlith · · Score: 4, Funny

    >(or was it written in FUD?)

    Sadly, no. The FUD compiler was written in Javascript, and was hijacked.

  10. Already been done by Anonymous Coward · · Score: 1, Funny
    Ok, I propose we create a new programming language called FUD. Variables will be assumed to have their most sinister values and be impossible to verify.

    Check out these great functions from the std lib:

    halloweenDocuments();
    GetTheFacts();
    fundSCO();
    threatenToSueEasternGovernments();
    hoodwinkNovell();
    ...who says Microsoft don't innovate?
  11. Re:FUD? by Mr.+Underbridge · · Score: 2, Funny

    Ok, I propose we create a new programming language called FUD. Variables will be assumed to have their most sinister values and be impossible to verify.

    Is that language derived from brainfuck?

  12. Re:Summary completely overhyped by Vo0k · · Score: 2, Funny

    1. Prepare malicious javascript code capable of subverting AJAX in the domain it's installed in.
    2. ???
    3. Subvert their AJAX, intercept their communications, change their content, kill the Web as we know it, and ultimately, profit!!!

    --
    Anagram("United States of America") == "Dine out, taste a Mac, fries"
  13. AJAX May Be Considered Harmful by Original+Replica · · Score: 2, Funny

    Damn Right! If you mix that stuff with a chlorine bleach, the fumes will put you straight in the morgue.

    --
    We are all just people.
  14. Neuromancer by noz · · Score: 3, Funny
    ... a possible Web Worm that lives in the very fabric of Web 2.0 and could kill the Web as we know it.
    My deck is damaged. I must break through the ICE! Where are my Yeheyuans?
  15. Re:Have you ever tried to deploy an AJAX applicati by bunions · · Score: 4, Funny
    It's just a JavaScript library that allows the page to communicate with the server without clicking a link and bringing up a new page. How does that encourage poor development?


    By enabling development to occur at all. The program that is never written has zero bugs and is therefore the perfect program.
    --
    there is no need to sign your posts. this isn't usenet. your username is right there above your post. stop it.
  16. Re:notabug by pboulang · · Score: 2, Funny

    I'll give you $5 if you ask your mom that and follow it up with a "pistol wink"

    --

    This comment is guaranteed*

    *not guaranteed

  17. AJAX May Be Considered Harmful by Elranzer · · Score: 1, Funny

    ... only if swallowed.