[Sussex] JavaScript is no longer secure: TURN IT OFF NOW!
Paul Graydon
paul at paulgraydon.co.uk
Sun Aug 13 16:14:54 UTC 2006
Well, I tried it on mine, we've got an old Netgear ADSL router, with
uPnP turned on for the internal network, as it allows programs like
azureus to open up ports as and when I use the program rather than
having them open all the time or remembering to re-add the rule each time.
Doesn't seem to achieve anything other than know my win32 box exists and
thats it. Can't complain much about that. *shrug*
Paul
Steven Dobson wrote:
> All
>
> I've just got word that a port scanning JavaScript proof of concept
> security compromise has been show to work. This is not a bug in
> JavaScript! The script is valid, does NOT exploit any buffer overruns
> or problems in the JavaScript interpreter and works properly within the
> sandbox. I've run it on my AMD64 Firefox and it worked just fine.
>
> Here is the start of the article[1]:
> "Imagine visiting a blog on a social site or checking your email
> on a portal like Yahoo’s Webmail. While you are reading the Web
> page JavaScript code is downloaded and executed by your Web
> browser. It scans your entire home network, detects and determines
> your Linksys router model number, and then sends commands to the
> router to turn on wireless networking and turn off all encryption."
>
> BTW: The reference Linksys is because it has been found that there is a
> bug with Universal Plug And Play (UPNP) is a range of wired & wireless
> D-Link routers. [2]
>
> Steve
>
> [1]
> http://www.spidynamics.com/spilabs/education/articles/JS-portscan.html
>
>
> [2]
> http://www.eeye.com/html/research/advisories/AD20060714.html
>
> ------------------------------------------------------------------------
>
> __
> Sussex mailing list
> Sussex at mailman.lug.org.uk
> E-mail Address: sussex at mailman.lug.org.uk
> Sussex LUG Website: http://www.sussex.lug.org.uk/
> https://mailman.lug.org.uk/mailman/listinfo/sussex
> ------------------------------------------------------------------------
>
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.1.405 / Virus Database: 268.10.9/417 - Release Date: 11/08/2006
>
More information about the Sussex
mailing list