JavaScript opens doors to browser-based attacks

Hacking, cracking and bluejacking. Discussions on how to keep your stuff secure and private here.

Moderators: Andy, fac51, 117

Post Reply
User avatar
fac51
Gaming Guru
Posts: 14526
Joined: Sat Jun 14, 2003 11:00 am
Location: Rapture
Contact:
Contact fac51

JavaScript opens doors to browser-based attacks

Post by fac51 »

This one could be nasty if put into use.
Security researchers have found a way to use JavaScript to map a home or corporate network and attack connected servers or devices, such as printers or routers.

The malicious JavaScript can be embedded in a Web page and will run without warning when the page is viewed in any ordinary browser, the researchers said. It will bypass security measures such as a firewall because it runs through the user's browser, they said.
"We have discovered a technique to scan a network, fingerprint all the Web-enabled devices found and send attacks or commands to those devices," said Billy Hoffman, lead engineer at Web security specialist SPI Dynamics. "This technique can scan networks protected behind firewalls such as corporate networks."

A successful attack could have significant impact. For example, it could scan your home network, detect a router model and then send it commands to enable wireless networking and turn off all encryption, Hoffman said. Or it could map a corporate network and launch attacks against servers that will appear to come from the inside, he said.
source
Image
Top
Post Reply

Return to “Security & Privacy”