JavaScript opens doors to browser-based attacks

[infoseeker]

as another way of hacking.......

Security researchers have found a way to use JavaScript to map a home or corporate network and attack connected servers or devices, such as routers or printers.

The malicious JavaScript can be embedded in a Web page and will run without warning when the page is viewed in any ordinary browser, the researchers said. It will bypass security measures such as a firewall because it runs through the user's browser, they said.

"We have discovered a technique to scan a network, fingerprint all the Web-enabled devices found and send attacks or commands to those devices," said Billy Hoffman, lead engineer at Web security specialist SPI Dynamics. "This technique can scan networks protected behind firewalls such as corporate networks."

READ HERE

[SoreVexed]

Security researchers have found a way to use JavaScript to map a home or corporate network and attack connected servers or devices, such as routers or printers.

The malicious JavaScript can be embedded in a Web page and will run without warning when the page is viewed in any ordinary browser, the researchers said. It will bypass security measures such as a firewall because it runs through the user's browser, they said.

"We have discovered a technique to scan a network, fingerprint all the Web-enabled devices found and send attacks or commands to those devices," said Billy Hoffman, lead engineer at Web security specialist SPI Dynamics. "This technique can scan networks protected behind firewalls such as corporate networks."
READ HERE

You don't say..... How long did it take them to "Research" this? I don't mean to sound rude, but i have seen this happen and I have a few friends that know how to do these things. JavaScript has been around for a long time. It seems that all these software developers keep not only opening, but CREATING doors for attackers to come in. It kinda dissappoints me to hear how vulnerable you can be with most software.

heh....but it does not surprise me.....lol

[black_magiic]

that's why using the no-script firefox extension is a good idea

[SoreVexed]

another fine example fo solid programing id say. i use firefox on linux for home computer usage. i just dont like taking un-nesisary risks.

(bad spelling)

[Boomer The Dog]

I have Firefox with NoScript on it too. Almost every site works woof without scripts, but sometimes submit buttons won't activate without scripts on. If I really need it, like to order something, I just turn scripts on for that session.

The biggest problem is when friends come over to use my computer. They seem to brilliantly find every site that will break because of no Javascript, and I have to keep apologizing for my poor computer!

[phalkon30]

I know the feeling, I use the Proxomitron for web filtering. It works on almost every site I visit, except when friends use it and I have to bypass it for them.

[Boomer The Dog]

I also have Proxomitron, Naoko 4.5, and I was using it for filtering before I had Firefox, mainly for pop-ups, which used to be such a menace on the net, and I wasn't having fun surfing because of them.

A friend comes over and wants to check Paypal or something, it's like, 'See that little green triangle, click it and bypass all filters.'

Well you know that Prox supports different configs, so we could set one up with only light filtering, called 'Friends.cfg'

[phalkon30]

I don't think I'd ever bother switching configs when a friend sits down (and I don't do multiple user accounts). I usually just add sites to the bypass.txt file, it still removes the ads, but leaves the main site alone for the most part.