Jikto: JavaScript drone - MURC

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

X

Dr Mordrid

Moderator

Join Date: Apr 2001

Posts: 26592
- Share
- Tweet
#1

Jikto: JavaScript drone

27 March 2007, 06:43

Article....

Tool Turns Any JavaScript-Enabled Browser into a Malicious Drone

A new tool too dangerous to give away can turn any PC - Windows, Mac, Linux - or any device with a browser into a site attacker.

The tool, called Jikto, is a Web application scanner that searches for cross-site scripting vulnerabilities. Billy Hoffman, a security researcher with SPI Dynamics, demonstrated what the tool could do at the ShmooCon hacker convention March 24. Namely, Jikto, which is written in JavaScript, can surreptitiously latch onto a browser that has JavaScript enabled.

After silently inserting itself to run inside any browser - be it that of a PC, a cell phone - Jikto can then search sites for cross-site scripting vulnerabilities and report its findings to a third party without the user of the infected browser being aware.

It can also replicate itself onto sites containing cross-site scripting vulnerabilities and then spread via latching onto visiting browsers, Hoffman told eWEEK in an interview.

This is something that JavaScript wasn't supposed to be able to do, but unfortunately, Hoffman said, it can.
>

Dr. Mordrid
----------------------------
An elephant is a mouse built to government specifications.

I carry a gun because I can't throw a rock 1,250 fps
Tags: None
Jessterw

Style Master, Rtd.

Join Date: Jul 2002

Posts: 4265
- Share
- Tweet
#2

27 March 2007, 09:12

Interesting.

Edited your thread title to be accurate; JS != Java

â€œAnd, remember: there's no 'I' in 'irony'â€ ~ Merlin Mann
Comment
Dr Mordrid

Moderator

Join Date: Apr 2001

Posts: 26592
- Share
- Tweet
#3

27 March 2007, 09:56

Thx, was still a bit foggy when I titled that

Dr. Mordrid
----------------------------
An elephant is a mouse built to government specifications.

I carry a gun because I can't throw a rock 1,250 fps
Comment
Jessterw

Style Master, Rtd.

Join Date: Jul 2002

Posts: 4265
- Share
- Tweet
#4

27 March 2007, 10:08

I think your body was trying to tell you it needed more JAVA in your system

I know mine did this morning.

â€œAnd, remember: there's no 'I' in 'irony'â€ ~ Merlin Mann
Comment
Dr Mordrid

Moderator

Join Date: Apr 2001

Posts: 26592
- Share
- Tweet
#5

27 March 2007, 11:06

Don't drink coffee.

Dr. Mordrid
----------------------------
An elephant is a mouse built to government specifications.

I carry a gun because I can't throw a rock 1,250 fps
Comment
Sasq

Administrator

Join Date: Jan 2001

Posts: 4632
- Share
- Tweet
#6

27 March 2007, 15:55

gave up drinking it years ago, i just swim in a vat of it at work and absorb it directly through my skin

Juu nin to iro

English doesn't borrow from other languages. It follows them down dark alleys, knocks them over, and goes through their pockets for loose grammar.
Comment

Previous template Next

Working...

X