Web 2.0 Under Siege
Robert writes "Security researchers have found what they say is an entirely new kind of web-based
attack, and it only targets the Ajax applications so beloved of the 'Web 2.0' movement.
Fortify Software, which said it discovered the new class of vulnerability and has named it
'JavaScript hijacking', said that almost all the major Ajax toolkits have been found vulnerable. 'JavaScript
Hijacking allows an unauthorized attacker to read sensitive data from a vulnerable
application using a technique similar to the one commonly used to create mashups'"
...every last punkwad that attacks someone's computer systems for fun or profit.
When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
Or anyone else who would have a vested interest in seeing "Web 2.0" technology fail in order that they might sell us things like Flash developer platforms or WPF(/e) to solve our Web 2.0 woes.
Don't use AJAX. Problem solved. Your site NEEDS javascript? Why? To deliver advertising? For cute little mouseover animations? I probably would HATE your crappy site!
As number two said to number six, "Information! We want information! And by hook or by crook, we'll get it."
And if your pathetic round-edged blinkey twirley site won't work without javascript, we'll go elsewhere. I used to visit weather.com almost daily, but since they added their "interactive" maps that won't work in Firefox on Linux, I just go to one of the thousands of other places on the net to get a forecast, see the temperature, and view radar.
If you make the web insecure for me, if you make the web unuseable for me, I'm stupid for visiting your site. And not all of us are stupid.
Please consider your use of AJAX. Please use javascript and Flash only where absolutely necessary - and even then, triple check to make sure it's ABSOLUTELY necessary. Stop fucking up the internet for me!