Jump to content

Evil, but useful Javascript.


keetan

Recommended Posts

Now I've been reading and researching about Javascript vulnerabilities lately. I'm not too familiar with the language, but I'm hoping someone here can coach me on some things. Perhaps, make a guide to post under the guides' topic.

People called me about browsing to cox.net and azcentral.com that their AVG virus detected javascript exploits on the page. I've got McAfee and I detected nothing when I went there. Someone told me about a temp .js file that is the cause and that was quarantined. I've searched in my temp, found it, can't read it obviously, and then I became more curious. I know the history of the language has had trouble, but reading in the news lately, this is just the beginning of the worst. It's not about just taking over someone's PC anymore. That's childs play. From what I understand, it's finding the vulnerabilities in corporate web sites, (especially bank sites) and accessing the remote computer and databases without leaving a footprint. The code can even rewrite itself while its running to prevent detection. Javascript can be turned off of course, but most of the web has that component to interact with those on the user end. I've found a 3rd party company that can help my employer with detecting the SQL injections and weaknesses, but from one's knowledge greater than my own on this subject, how can I emphasize the importance of the partnership and the necessity for them? How big a threat will this really be for internet users in general?

I've also found a current news link with Mozilla in worries over the potential problem...http://www.linuxworld.com.au/index.php/id;1471826749;fp;2;fpid;1  Anyone's thoughts on this, I'm curious to know.

Link to comment
Share on other sites

Now I've been reading and researching about Javascript vulnerabilities lately. I'm not too familiar with the language, but I'm hoping someone here can coach me on some things. Perhaps, make a guide to post under the guides' topic.

People called me about browsing to Cox.net and azcentral.com that their AVG virus detected javascript exploits on the page. I've got McAfee and I detected nothing when I went there. Someone told me about a temp .js file that is the cause and that was quarantined. I've searched in my temp, found it, can't read it obviously, and then I became more curious. I know the history of the language has had trouble, but reading in the news lately, this is just the beginning of the worst. It's not about just taking over someone's PC anymore. That's childs play. From what I understand, it's finding the vulnerabilities in corporate web sites, (especially bank sites) and accessing the remote computer and databases without leaving a footprint. The code can even rewrite itself while its running to prevent detection. Javascript can be turned off of course, but most of the web has that component to interact with those on the user end. I've found a 3rd party company that can help my employer with detecting the SQL injections and weaknesses, but from one's knowledge greater than my own on this subject, how can I emphasize the importance of the partnership and the necessity for them? How big a threat will this really be for internet users in general?

I've also found a current news link with Mozilla in worries over the potential problem...http://www.linuxworld.com.au/index.php/id;1471826749;fp;2;fpid;1  Anyone's thoughts on this, I'm curious to know.

Hmmm I'm sure a good solution will be found soon  :undecided:

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...