JavaScript bug hunting tool demonstrated


Posted by: Tweaker
Date added: 23:02, 24th March 2007 GMT
Source: C/NET News

WASHINGTON, DC--A security researcher at ShmooCon on Saturday demonstrated, but did not release, a tool that turns the PCs of unknowing Web surfers into hacker help.

As expected, SPI Dynamics researcher Billy Hoffman demonstrated a Web application vulnerability scanner written in JavaScript. The tool, called Jikto, can make an unsuspecting Web user's PC silently crawl and audit public Web sites, and send the results to a third party, Hoffman said.

But, in a change of plans, Hoffman did not publicly release Jikto. "The higher-ups first say we can, and then they change their mind," he said after his presentation. "We decided to focus on the educational message and show people the danger."

Another SPI Dynamics representative at ShmooCon said the company had decided not to release Jikto because that could play into the hands of cybercrooks. "We do not want to release anything that could be used for malicious purposes," said Michael Sutton, a security evangelist for the company, which sells Web security tools.

Hoffman said he demonstrated Jikto to raise awareness. Vulnerabilities in Web sites could be exploited to inject malicious JavaScript code, which puts users at serious risk, he said. Jikto itself, for example, can be placed on a trusted site by exploiting a common Web security hole known as a cross-site scripting flaw, he said.

"The whole point was to show how scary cross-site scripting has become," Hoffman said. While some in the security industry claim such flaws are minor, Hoffman has demonstrated that they could be serious, particularly in combination with JavaScript. "This is code execution," he said. "JavaScript completely blows away the security model."
