[SGVLUG] you're exploited!
Sean O'Donnell
sean at seanodonnell.com
Mon Jul 2 16:50:44 PDT 2007
matti wrote:
> Hi,
>
> well folks.. this is a very scary
> and worth your time podcast...
>
> scary stuff..
>
> http://podcast-files.cnet.com/podcast/SecurityBites0622.mp3
>
> cheers
> matti
>
Maybe I missed something (as is generally the case), but the issues
they're discussing (XSS, web-based spyware, keystroke logging, various
'new' attack vectors, etc.) are nothing new.

These vulnerabilities have existed (and have been used) for a long time;
whether it's using iframe or 'AJAX', there are reasons why these
'techniques' should not be trusted, underestimated, or (imo) used.

What concerns me a bit is the number of PHP job ads I see that require
AJAX experience (but don't require secure web programming fundamentals,
obviously), which tells me there will be nothing but more and more of
this to come.

*scary*

--
Sean O'Donnell
South Pasadena, CA
sean at seanodonnell.com
http://seanodonnell.com
PGP Public Key ID: 0xF57FB9E5
PGP Public Key Server: http://pgp.mit.edu
*The important thing is not to stop questioning. Curiosity has its own
reason for existing.*