Ajaxy Web 2.0 apps vulnerable to attacks
According to Fortify Software, 11 out of 12 of the most popular Ajax/JS frameworks are vulnerable to JavaScript hijacking. So apparently every shiny Web 2.0 app out there is ripe for the picking!
“Fortify said that the ‘pervasive and critical vulnerability’ is present in 11 of the 12 most popular AJAX frameworks, and therefore in many Web 2.0 applications. It allows an attacker to pose as the application’s user and intercept data sent via JavaScript commands, by using the script tag to circumvent the ‘same origin policy’ imposed by web browsers.”
“JavaScript Hijacking appears to be a ubiquitous problem,” said Fortify. It claimed that only Direct Web Remoting (DWR) 2.0, a project which dynamically generates Java classes on the server from JavaScript, is immune to the attack, but said that fixes are available or feasible for other AJAX frameworks.
I’ve never heard of Direct Web Remoting before, but hey, maybe there is something to be learned here. The article doesn’t talk specifically about Prototype or Scriptaculous, but I’m sure they’re among the bunch.
Here is the Yahoo! story: Web 2.0 apps vulnerable to attack
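As an added example (not from this post, Fortify's report, or any of the frameworks named), here is the kind of fix the article says is feasible: the server makes its JSON body unusable as a script and refuses requests that a `<script>` tag could produce, while the application's own XMLHttpRequest client strips the prefix before parsing. Function names, the header check and the sample data are this example's own assumptions.

```javascript
// Added example: defending a JSON endpoint against JavaScript hijacking.
// A <script src="..."> include evaluates the response as code, but it can
// only issue a GET and cannot set custom request headers; the application's
// own XMLHttpRequest can do both. Names here are this example's, not any
// framework's API.

const PREFIX = ")]}',\n"; // a syntax error if the body is run as a script

// Server side: wrap data so the body is not valid JavaScript on its own.
function protectJsonResponse(data) {
  return PREFIX + JSON.stringify(data);
}

// Server side: accept only requests a script tag cannot make.
// `headers` is a lowercase-keyed object (constructed for this example).
function isSafeDataRequest(method, headers) {
  if (method.toUpperCase() !== "GET") return true; // script tags only GET
  return (headers["x-requested-with"] || "") === "XMLHttpRequest";
}

// Server side: the data endpoint, returning a minimal status/body pair.
function handleDataRequest(method, headers, data) {
  if (!isSafeDataRequest(method, headers)) {
    return { status: 403, body: "" };
  }
  return { status: 200, body: protectJsonResponse(data) };
}

// Client side (the application's own code): strip the prefix, then parse.
function parseProtectedJson(text) {
  if (!text.startsWith(PREFIX)) {
    throw new Error("unexpected response format");
  }
  return JSON.parse(text.slice(PREFIX.length));
}

// Check whether a body would even parse as a script (what a <script> tag
// would attempt). Uses the Function constructor to parse without running.
function bodyIsExecutableScript(body) {
  try {
    new Function(body);
    return true;
  } catch (e) {
    return !(e instanceof SyntaxError);
  }
}

// Constructed sample data standing in for a user's private records.
const sampleData = [{ id: 1, email: "alice@example.invalid" }];
```

A bare JSON array (`[{...}]`) is a complete JavaScript program, which is what makes the unprotected response readable from a foreign page; the prefixed body is not.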
Posted on April 4, 2007
Filed Under Business, CSS/XHTML, Daily Thoughts, Design, Entertainment, General, Hosting, Mobile Tech, PHP/MySQL, Quotes, Ranting, Ruby on Rails, Security, Startup, Tech, Web