| |
JavaScript opens doors to browser-based attacks
by Acidus at 3:02 pm EDT, Jul 31, 2006 |
...said Fyodor Vaskovich, creator of the popular Nmap network port scanning tool... "But a key advantage of the SPI Dynamics vulnerability is that it is difficult to fix without breaking many Web applications. So it may be around for years to come." There have been similar attempts to craft JavaScript-based network scanners, but none as advanced as the SPI Dynamics example, Vaskovich said. "SPI Dynamics deserves credit for a clever attack vector and a solid demonstration of the issue. Their method of fingerprinting servers by checking for default image paths and names is slick."
When the definitive source on port scanning gives you massive props in a public forum, you should do a little dance... [dance] [dance] [dance] My dance makes HR sad. |
| |
RE: JavaScript opens doors to browser-based attacks
by Catonic at 5:04 pm EDT, Jul 31, 2006 |
Acidus wrote: ...said Fyodor Vaskovich, creator of the popular Nmap network port scanning tool... "But a key advantage of the SPI Dynamics vulnerability is that it is difficult to fix without breaking many Web applications. So it may be around for years to come." There have been similar attempts to craft JavaScript-based network scanners, but none as advanced as the SPI Dynamics example, Vaskovich said. "SPI Dynamics deserves credit for a clever attack vector and a solid demonstration of the issue. Their method of fingerprinting servers by checking for default image paths and names is slick."
When the definitive source on port scanning gives you massive props in a public forum, you should do a little dance... [dance] [dance] [dance] My dance makes HR sad.
Hey, you've earned it man. |
|
| | |
RE: JavaScript opens doors to browser-based attacks
by Acidus at 5:39 pm EDT, Jul 31, 2006 |
Catonic wrote: Acidus wrote: ...said Fyodor Vaskovich, creator of the popular Nmap network port scanning tool... "But a key advantage of the SPI Dynamics vulnerability is that it is difficult to fix without breaking many Web applications. So it may be around for years to come." There have been similar attempts to craft JavaScript-based network scanners, but none as advanced as the SPI Dynamics example, Vaskovich said. "SPI Dynamics deserves credit for a clever attack vector and a solid demonstration of the issue. Their method of fingerprinting servers by checking for default image paths and names is slick."
When the definitive source on port scanning gives you massive props in a public forum, you should do a little dance... [dance] [dance] [dance] My dance makes HR sad.
Hey, you've earned it man.
No really, my dance makes HR sad. Allison, today, ~ 11am "Billy, thats really not appropriate." |
|
|
|
