Slashdot Mirror


Web 2.0 Under Siege

Robert writes "Security researchers have found what they say is an entirely new kind of web-based attack, and it only targets the Ajax applications so beloved of the 'Web 2.0' movement. Fortify Software, which said it discovered the new class of vulnerability and has named it 'JavaScript hijacking', said that almost all the major Ajax toolkits have been found vulnerable. 'JavaScript Hijacking allows an unauthorized attacker to read sensitive data from a vulnerable application using a technique similar to the one commonly used to create mashups'"

  1. Okay, I'll be the first to ask. by Z0mb1eman · · Score: 5, Insightful

    How is this different from cross-site scripting?

    "In an example attack, a victim who has already authenticated themselves to an Ajax application, and has the login cookie in their browser, is persuaded to visit the attacker's web site. This web site contains JavaScript code that makes calls to the Ajax app. Data received from the app is sent to the attacker."

    --
    ClutterMe.com - easiest site creation on the Net. Just click and type.
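
The scenario quoted in the comment above works because the browser attaches the victim's login cookie to a request started from another site's page. The following is an added example, not code from the article, Fortify or any Ajax toolkit: a server-side check that refuses to return data on the cookie alone and also requires a per-session token in a custom request header, which another site's page cannot read or attach. The cookie name `SESSIONID`, the header `x-ajax-token`, the session store and the request objects are all hypothetical and constructed for illustration.

```javascript
// Constructed session store: session id (from the login cookie) -> per-session token.
// The token is handed to the application's own pages at login (assumption).
const sessions = new Map([
  ['sess-alice', { user: 'alice', ajaxToken: 'constructed-token-1f9c' }],
]);

// Parse a Cookie header into a name -> value object.
function parseCookies(header = '') {
  const out = {};
  for (const part of header.split(';')) {
    const i = part.indexOf('=');
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Compare two strings without stopping at the first differing character.
function constantTimeEqual(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Decide whether a JSON endpoint may answer. The cookie identifies the session,
// but only the matching header token authorizes returning data.
function authorizeAjaxRequest(req) {
  const sid = parseCookies(req.headers['cookie']).SESSIONID;
  const session = sessions.get(sid);
  if (!session) return { status: 401, reason: 'no valid session' };
  const token = req.headers['x-ajax-token'];
  if (!constantTimeEqual(token, session.ajaxToken)) {
    return { status: 403, reason: 'cookie present but token missing or wrong' };
  }
  return { status: 200, reason: 'ok', user: session.user };
}

// Constructed requests: the application's own call, and one triggered from
// another site's page (cookie attached by the browser, no token header).
const ownCall = { headers: { cookie: 'SESSIONID=sess-alice', 'x-ajax-token': 'constructed-token-1f9c' } };
const foreignCall = { headers: { cookie: 'lang=en; SESSIONID=sess-alice' } };
console.log(authorizeAjaxRequest(ownCall).status, authorizeAjaxRequest(foreignCall).status);
```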