With fancy AJAX sites come fancy scripting bugs

How soon we all forget. JavaScript vulnerabilities have been known for years. When they turned into a problem, browser developers added the option of turning off Java/JavaScript, and placed said option on the privacy and security tabs of their browsers’ preference menus. People turned it off.

As I see it, a while later Google made JavaScript kind of a “must have” when they introduced contextual ads – you can’t see any AdSense-based content ads if you turn off JavaScript. Then developers rallied behind AJAX, as it made websites all kinds of dancing fancy, jumping around, menus a’ poppin’ up and all that jazz.

Hackers enter stage left: AJAX can be tweaked to take over PCs.

“Ajax works under the covers to make websites really responsive, but criminals can just as easily use it under the covers to do some bad stuff,” noted Billy Hoffman of SPI Dynamics at Black Hat.

While you are being dazzled, someone may be stealing you blind. Yep, short-term memory.

