Black Hat: Javascript Attacks on Steroids
Brian Krebs writes on Security Fix:
Just sat through a rather disturbing presentation here at Black Hat on how bad guys can use Javascript to circumvent hardware and software firewalls and wreak havoc on a target's internal network. More here.
Jeremiah Grossman and T.C. Niedzialkowski, both of Santa Clara, Calif.-based WhiteHat Security, showed Javascript tricks that could allow attackers to monitor which sites users have visited, change the configuration of their firewalls, and even record victims' keyboard strokes.
Using a Web server he and Niedzialkowski had seeded with invisible code, Grossman demonstrated how he could view which sites a test browser had recently visited. The code also divulged the user's internal network address -- information that is supposed to be hidden by the firewall. Later in the demo, he showed a Javascript attack that altered the test victim's firewall settings to allow attackers to punch through directly into the internal network.