[Sussex] JavaScript is no longer secure: TURN IT OFF NOW!

Steven Dobson steve at dobson.org
Sun Aug 13 09:51:38 UTC 2006


All

I've just got word that a port scanning JavaScript proof of concept
security compromise has been shown to work.  This is not a bug in
JavaScript!  The script is valid, does NOT exploit any buffer overruns
or problems in the JavaScript interpreter and works properly within the
sandbox.  I've run it on my AMD64 Firefox and it worked just fine.

Here is the start of the article[1]:
    "Imagine visiting a blog on a social site or checking your email
    on a portal like Yahoo’s Webmail. While you are reading the Web
    page JavaScript code is downloaded and executed by your Web
    browser. It scans your entire home network, detects and determines
    your Linksys router model number, and then sends commands to the
    router to turn on wireless networking and turn off all encryption."

BTW: The reference to Linksys is because it has been found that there is a
bug with Universal Plug And Play (UPNP) in a range of wired & wireless
D-Link routers.  [2]

Steve

[1]
http://www.spidynamics.com/spilabs/education/articles/JS-portscan.html


[2]
http://www.eeye.com/html/research/advisories/AD20060714.html