[LINK] AJAX May Be Considered Harmful

Richard Chirgwin rchirgwin at ozemail.com.au
Mon Jan 8 14:32:46 AEDT 2007


brd at iimetro.com.au wrote:
> AJAX May Be Considered Harmful
> Slashdot
> http://it.slashdot.org/it/07/01/06/216245.shtml
>
> "Security lists are abuzz about a presentation from the 23C3
> conference<http://events.ccc.de/congress/2006/Home>, which details a
> fundamental design flaw in Javascript
> <http://events.ccc.de/congress/2006/Fahrplan/events/1602.en.html>.
>
> The technique, called Prototype Hijacking, allows an attacker to redefine any
> feature of Javascript.
>
> The paper is called 'Subverting AJAX'
> <http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf>
> (pdf), and outlines a possible Web Worm that lives in the very fabric of Web 2.0
> and could kill the Web as we know it."
>
>   
That's an equivocation that crosses an awful lot of space, really 
quickly, on really stumpy short little legs ... Web 2.0 == "the Web as 
we know it."

RC



More information about the Link mailing list