Slashdot Mirror


Web 2.0 Under Siege

Robert writes "Security researchers have found what they say is an entirely new kind of web-based attack, and it only targets the Ajax applications so beloved of the 'Web 2.0' movement. Fortify Software, which said it discovered the new class of vulnerability and has named it 'JavaScript hijacking', said that almost all the major Ajax toolkits have been found vulnerable. 'JavaScript Hijacking allows an unauthorized attacker to read sensitive data from a vulnerable application using a technique similar to the one commonly used to create mashups'"

4 of 170 comments

  1. Hunt them down and kill them by sycodon · Score: 0, Flamebait

    ...every last punkwad that attacks someone's computer systems for fun or profit.

    --
    When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
    1. Re:Hunt them down and kill them by sycodon · Score: -1, Flamebait

      I guess the moderator is a punkwad who enjoys breaking into people's computers.

      --
      When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
  2. Adobe and MS should be happy about this by parvenu74 · Score: -1, Flamebait

    Or anyone else who would have a vested interest in seeing "Web 2.0" technology fail in order that they might sell us things like Flash developer platforms or WPF(/e) to solve our Web 2.0 woes.

  3. I beg to differ by Anonymous Coward · Score: -1, Flamebait

    Don't use AJAX. Problem solved. Your site NEEDS javascript? Why? To deliver advertising? For cute little mouseover animations? I probably would HATE your crappy site!

    As number two said to number six, "Information! We want information! And by hook or by crook, we'll get it."

    And if your pathetic round-edged blinky twirly site won't work without javascript, we'll go elsewhere. I used to visit weather.com almost daily, but since they added their "interactive" maps that won't work in Firefox on Linux, I just go to one of the thousands of other places on the net to get a forecast, see the temperature, and view radar.

    If you make the web insecure for me, if you make the web unusable for me, I'm stupid for visiting your site. And not all of us are stupid.

    Please consider your use of AJAX. Please use javascript and Flash only where absolutely necessary - and even then, triple check to make sure it's ABSOLUTELY necessary. Stop fucking up the internet for me!