Acidus wrote: Ok, so no one can access your system calls unless they are using your application, but most of the Ajax stuff I'm focusing on is exploiting the application inside the context of the application (i.e. tampering with variables while it's being used, control flow modification, data leakage, etc). This "you can only access the callback if you are really using the application" approach doesn't sound promising because it doesn't really address the problem, it attempts to limit access to the problem.
I had a feeling this was the case, so, yeah, my initial thought was that obfuscating function calls isn't that helpful. The emulating SSL with JavaScript is just damn scary. They are doing it very insecurely instead of kind of insecurely.
I hadn't even dug that far into it, but that does sound stupid based on my minimal knowledge. Your explanation seems to indicate the depth of retarditude. redardicity? anyway. it's cool to hear your perspective. I was pretty sure this wasn't all it claimed to be. enjoy raping it ;)