Improper JavaScript Coding Creates Web FlawsThe ShmooCon hackers' convention made its third annual launch in Washington, D.C., on March 23, 2007. It will run over the weekend with deliveries of lectures and presentations relating to a range security issues for enterprises, reported Infoworld on March 23, 2007. At the event there will be presentations of JavaScript coding errors and sessions for Web developers who do not have experience with emerging programming techniques. According to researchers, these gaps pose as serious threats to the safety of many websites and their visitors. In his lecture at the convention, Billy Hoffman, lead research engineer at software creator SPI Dynamics said, cyber criminals could exploit website vulnerabilities to insert corrupt JavaScript code creating serious danger for users. News.Zdnet published this on March 24, 2007. So the threat revolves around JavaScript errors and unprotected use of Web programming languages like AJAX. The AJAX programming language combines JavaScript and XML, both asynchronous in many well known Web sites and software applications. Web worms are increasingly using AJAX to move through sites, search new targets and then proliferate. There is a growing trend of web malware using AJAX, which is also growing in sophistication. In some attacks AJAX is being combined with Flash to use each other's strength in delivering payloads. In fact there are hybrid uses of several technologies to design attacks, Hoffman said. Over the past two years, there have been instances where JavaScript had been doing multiple activities from stealing cookies, to keylogging, screen scraping and initiating different types of phishing attacks. JavaScript had been more annoying than other attacks. Now it serves for new malicious purposes like port scanning that creates self-spreading malware and to steal browser information, Hoffman said. Infoworld published this on March 24, 2007. According to the researcher, although prominent Web sites are clearing out these vulnerabilities but the size of operations of online organizations and the improper application of JavaScript are creating most of the problems. The solution is now to get rid of the problems in the pages and slow down use of newer languages like AJAX, which seems to circumvent web security tools, said Hoffman. Related article: Inappropriate IT Decisions Leads to Security Dangers ยป SPAMfighter News - 3/31/2007 |
Dear Reader
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!