[Sussex] JavaScript is no longer secure: TURN IT OFF NOW!
Steven Dobson
steve at dobson.org
Sun Aug 13 09:51:38 UTC 2006
All
I've just got word that a port scanning JavaScript proof of concept
security compromise has been shown to work. This is not a bug in
JavaScript! The script is valid, does NOT exploit any buffer overruns
or problems in the JavaScript interpreter and works properly within the
sandbox. I've run it on my AMD64 Firefox and it worked just fine.
Here is the start of the article[1]:
"Imagine visiting a blog on a social site or checking your email
on a portal like Yahoo’s Webmail. While you are reading the Web
page JavaScript code is downloaded and executed by your Web
browser. It scans your entire home network, detects and determines
your Linksys router model number, and then sends commands to the
router to turn on wireless networking and turn off all encryption."
BTW: The reference to Linksys is because it has been found that there is a
bug with Universal Plug And Play (UPNP) in a range of wired & wireless
D-Link routers. [2]
Steve
[1] http://www.spidynamics.com/spilabs/education/articles/JS-portscan.html
[2] http://www.eeye.com/html/research/advisories/AD20060714.html