07-30-2006, 01:28 PM
2 articles on Javascript security problems:
full article: http://news.com.com/JavaScript+opens+doo...g=nefd.top
full article: http://news.com.com/FAQ+JavaScript+insec...g=nefd.hed
Quote:Security researchers have found a way to use JavaScript to map a home or corporate network and attack connected servers or devices, such as printers or routers.
The malicious JavaScript can be embedded in a Web page and will run without warning when the page is viewed in any ordinary browser, the researchers said. It will bypass security measures such as a firewall because it runs through the user's browser, they said...
A successful attack could have significant impact. For example, it could scan your home network, detect a router model and then send it commands to enable wireless networking and turn off all encryption, Hoffman said. Or it could map a corporate network and launch attacks against servers that will appear to come from the inside, he said...
full article: http://news.com.com/JavaScript+opens+doo...g=nefd.top
Quote:FAQ: JavaScript insecurities
Web sites are becoming more interactive thanks to JavaScript, but the increased use of the decade-old scripting language is raising security questions.
JavaScript is playing a major role in the Web 2.0 boom, which is causing a splash as it stretches the boundaries of what Web sites can do. But malicious JavaScript, especially in combination with increasingly common Web site security flaws, could lead to insidious Web-based attacks, security experts warn...
full article: http://news.com.com/FAQ+JavaScript+insec...g=nefd.hed