Just got sent this by Rick Williams.

Security researchers have found what they say is an entirely new kind of web-based attack, and it only targets the Ajax applications so beloved of the ‘Web 2.0’ movement.

Vulnerable frameworks include Microsoft ASP.NET AJAX (a.k.a. Atlas), XAJAX, Google Web Toolkit, Prototype, Script.aculo.us, Dojo, Moo.fx, jQuery, Yahoo! UI, Rico, and MochiKit.

Read the full story here.

  • Keith

    Posted: April 3, 2007


    haha, no one is safe!! Have you seen this: https://addons.mozilla.org/en-US/firefox/addon/966

    Very useful for developing web apps, and like all good things, potentially dangerous in the wrong hands.


  • Rich

    Posted: April 3, 2007


    Hi Keith,

    A lot of people I know use Tamper, but I prefer Charles (great great app!); ServiceCapture is also good.

    I've been doing an awful lot of JavaScript+XML loading recently (*shudders*), and without Firebug (a truly amazing Firefox plugin) I think things would be a lot worse.

    The requirements for more visually exciting things are really starting to strain poor JavaScript 1.5 and the chewing gum and sticky tape approaches that are widely accepted.