Evil, but useful Javascript.

[keetan]

Now I've been reading and researching about Javascript vulnerabilities lately. I'm not too familiar with the language, but I'm hoping someone here can coach me on some things. Perhaps, make a guide to post under the guides' topic.

People called me about browsing to cox.net and azcentral.com that their AVG virus detected javascript exploits on the page. I've got McAfee and I detected nothing when I went there. Someone told me about a temp .js file that is the cause and that was quarantined. I've searched in my temp, found it, can't read it obviously, and then I became more curious. I know the history of the language has had trouble, but reading in the news lately, this is just the beginning of the worst. It's not about just taking over someone's PC anymore. That's childs play. From what I understand, it's finding the vulnerabilities in corporate web sites, (especially bank sites) and accessing the remote computer and databases without leaving a footprint. The code can even rewrite itself while its running to prevent detection. Javascript can be turned off of course, but most of the web has that component to interact with those on the user end. I've found a 3rd party company that can help my employer with detecting the SQL injections and weaknesses, but from one's knowledge greater than my own on this subject, how can I emphasize the importance of the partnership and the necessity for them? How big a threat will this really be for internet users in general?

I've also found a current news link with Mozilla in worries over the potential problem...http://www.linuxworld.com.au/index.php/id;1471826749;fp;2;fpid;1  Anyone's thoughts on this, I'm curious to know.

[Junerian]

Now I've been reading and researching about Javascript vulnerabilities lately. I'm not too familiar with the language, but I'm hoping someone here can coach me on some things. Perhaps, make a guide to post under the guides' topic.

People called me about browsing to Cox.net and azcentral.com that their AVG virus detected javascript exploits on the page. I've got McAfee and I detected nothing when I went there. Someone told me about a temp .js file that is the cause and that was quarantined. I've searched in my temp, found it, can't read it obviously, and then I became more curious. I know the history of the language has had trouble, but reading in the news lately, this is just the beginning of the worst. It's not about just taking over someone's PC anymore. That's childs play. From what I understand, it's finding the vulnerabilities in corporate web sites, (especially bank sites) and accessing the remote computer and databases without leaving a footprint. The code can even rewrite itself while its running to prevent detection. Javascript can be turned off of course, but most of the web has that component to interact with those on the user end. I've found a 3rd party company that can help my employer with detecting the SQL injections and weaknesses, but from one's knowledge greater than my own on this subject, how can I emphasize the importance of the partnership and the necessity for them? How big a threat will this really be for internet users in general?

I've also found a current news link with Mozilla in worries over the potential problem...http://www.linuxworld.com.au/index.php/id;1471826749;fp;2;fpid;1  Anyone's thoughts on this, I'm curious to know.

Hmmm I'm sure a good solution will be found soon