[LINK] AJAX May Be Considered Harmful

brd at iimetro.com.au brd at iimetro.com.au
Mon Jan 8 13:49:26 AEDT 2007

AJAX May Be Considered Harmful

"Security lists are abuzz about a presentation from the 23C3
conference<http://events.ccc.de/congress/2006/Home>, which details a
fundamental design flaw in Javascript

The technique, called Prototype Hijacking, allows an attacker to redefine any
feature of Javascript.

The paper is called 'Subverting AJAX'
(pdf), and outlines a possible Web Worm that lives in the very fabric of Web 2.0
and could kill the Web as we know it."


Bernard Robertson-Dunn
Sydney Australia
brd at iimetro.com.au

This message was sent using iiMetro WebMail 

More information about the Link mailing list