Slashdot Mirror


AJAX May Be Considered Harmful

87C751 writes "Security lists are abuzz about a presentation from the 23C3 conference, which details a fundamental design flaw in Javascript. The technique, called Prototype Hijacking, allows an attacker to redefine any feature of Javascript. The paper is called 'Subverting AJAX' (pdf), and outlines a possible Web Worm that lives in the very fabric of Web 2.0 and could kill the Web as we know it."

11 of 308 comments

  1. first post by Anonymous Coward · · Score: 5, Funny

    So can I hijack slashdot to always get the first post?

  2. Nothing for you to see here. Please move along. by mobby_6kl · · Score: 3, Funny

    Not surprising considering that slashdot is slowly trying to AJAXify itself...

  3. Web 2.0.1 by ticklish2day · · Score: 5, Funny

    Patch the hole and release Web 2.0.1. Good thing there's already a Web 3.0 in the works.

    1. Re:Web 2.0.1 by The Bubble · · Score: 3, Funny

      Not even! Microsoft just released Internet 7.0. All you Mozilla fanboys need to catch up with the times and replace your kiddy 'nix boxes with the new Vista.

      </joke>

  4. Re:notabug by mctk · · Score: 5, Funny

    Society of Hysteria? SOCIETY OF HYSTERIA? aaaaaaaaah! SAVE YOURSELF!

    --
    Paul Grosfield - the quicker picker upper.
  5. Re:FUD? by ednopantz · · Score: 4, Funny

    >(or was it written in FUD?)

    Ok, I propose we create a new programming language called FUD. Variables will be assumed to have their most sinister values and be impossible to verify.

  6. On the next episode of Days of Our Web2.0 Lives... by Chineseyes · · Score: 5, Funny

    A Worm that lives in the very fabric of Web 2.0 and could kill the Web as we know it lurks in the deep dark recesses of the javascript
    Who is this masked man known as the worm?
    Why does he hate Web 2.0 so much?
    Will this worm try to make us revert to Web 1.0?
    And does this worm have anything to do with disappearances of Web 1.1 through Web 1.9?
    This and much much more on the next episode of Days of our Web 2.0 Lives

    --
    I think the invisible hand of the market has its middle finger extended

    --A wise old fart named SC0RN
  7. Re:FUD? by monoqlith · · Score: 4, Funny

    >(or was it written in FUD?)

    Sadly, no. The FUD compiler was written in Javascript, and was hijacked.

  8. Re:The sky is falling! by Tablizer · · Score: 4, Funny

    Haven't RTFA yet, but I doubt it will live up to the hype.

    Which hype, AJAX itself or AJAX ending the world?

    Does Al Gore know anything about this?

  9. Neuromancer by noz · · Score: 3, Funny
    ... a possible Web Worm that lives in the very fabric of Web 2.0 and could kill the Web as we know it.
    My deck is damaged. I must break through the ICE! Where are my Yeheyuans?
  10. Re:Have you ever tried to deploy an AJAX applicati by bunions · · Score: 4, Funny
    It's just a JavaScript library that allows the page to communicate with the server without clicking a link and bringing up a new page. How does that encourage poor development?


    By enabling development to occur at all. The program that is never written has zero bugs and is therefore the perfect program.
    --
    there is no need to sign your posts. this isn't usenet. your username is right there above your post. stop it.