JavaScript dangers discussed at CanSecWest conference

    As JavaScript becomes more important for websites and is used more widely in interactive Web 2.0 pages, hackers are paying more attention to this scripting language. IT security experts spoke about the dangers of JavaScript at the CanSecWest conference on Wednesday.

    Malicious JavaScript is carefully hidden, says Jose Nazario, senior security engineer at Arbor Networks. The script text is split into many components, encrypted, and diluted with garbage commands. Some scripts even add features that make them difficult to debug or to run in virtual machines. “Attackers can destroy warnings and all kinds of verification procedures. Often they even limit the ability to download scripts to specific IP addresses.” For example, anti-virus companies that visit a malicious website may receive a blank page, while an ordinary user is served the exploit.

    Several years ago, researchers warned of future worms that could spread through online user profiles using JavaScript. In 2005, such a worm appeared on MySpace. Last year, writing malicious code in JavaScript and AJAX moved from research to commercial use. In February, Websense, an IT security company, discovered that the Dolphin Stadium website had been infected with JavaScript Trojan code: instead of simply replacing the text on the main page, the attackers embedded invisible malicious code there. Further research showed that dozens of sites were already infected in this way. And in March, security researcher Billy Hoffman demonstrated a botnet script, Jikto, written in JavaScript and running through a browser.

    Most experts who attended the conference agreed that the number of threats using JavaScript will increase over time.

    www.securitylab.ru/news/294771.php
    - In your opinion, is there a real increase in hacks due to the spread of JavaScript in website building?
    ... for me, this is the case in any scripting language: if the programmer is not competent enough, these holes will appear, mainly not from the ideality of the language but from the human factor.
