Current Topic: Technology
|
Detecting, Analyzing, and Exploiting Intranet Applications using JavaScript

Topic: Technology
10:07 pm EDT, Jul 26, 2006

Or: How I learned how to port scan company intranets using JavaScript! Imagine visiting a blog on a social site like MySpace.com or checking your email on a portal like Yahoo’s Webmail. While you are reading the Web page, JavaScript code is downloaded and executed by your Web browser. It scans your entire home network, detects and determines your Linksys router model number, and then sends commands to the router to turn on wireless networking and turn off all encryption. Now imagine that this happens to 1 million people across the United States in less than 24 hours. This scenario is no longer one of fiction.

You can visit the proof of concept page I created and test drive it now.
|
Topic: Technology
1:06 pm EDT, Jul 23, 2006

Robert Morris is an associate professor of computer science at MIT, where he is a member of the PDOS group. He has published extensively on wireless networks, distributed operating systems, and peer-to-peer applications. In 1988 his discovery of buffer overflow first brought the Internet to the attention of the general public.

... by bringing the entire Internet to a crashing halt.

About Y Combinator
|
ABC wants to break DVR's fast forward feature.

Topic: Technology
1:34 pm EDT, Jul 7, 2006

While MSOs risk losing some of their DVR customers if fast-forwarding were blocked, Shaw said the cable operators--who are beefing up their own local ad sales operations--"are in the same business we're in." "They've got to sell ads too," he said. "So if everybody's skipping everybody's ads, that's not a long-term business model for them either."

Don't buy the network exec's bullshit about DVRs destroying the broadcast business model. The business model isn't going anywhere, it just needs to change. 8 minutes of interlaced ads in a 22 minute show just doesn't work anymore. A change in the broadcast business model also happened back in the 50s and 60s. Before that, one company like Jello pudding would sponsor an entire show for an entire season. They are called soap operas for a reason! But that model stopped working when people had more choices. Companies had to place their TV ad dollars in more baskets to get the same amount of exposure. I wonder if network execs bitched as much then as they do now. Business models shift, but they rarely disappear. Stop issuing press releases about how you fail to understand basic business theories.
|
Blogging in your Robots.txt

Topic: Technology
2:01 pm EDT, Jul 3, 2006

This crazy dude is running a blog by posting articles, comments, even advertisements in his /robots.txt file! WTF?
|
Senator Ted Stevens explains the Internet

Topic: Technology
10:19 am EDT, Jul 3, 2006

This is Ted Stevens explaining how the Internet works and why accordingly we don't need net neutrality laws. It is such a gem, I don't know what block text to quote. Instead, here are a few choice quotes:

I just the other day got, an internet was sent by my staff at 10 o'clock in the morning on Friday and I just got it yesterday. Why? We use this internet to communicate and we aren't using it for commercial purposes. We aren't earning anything by going on that internet. Maybe there is a place for a commercial net but it's not using what consumers use every day. [the Internet]'s not using the messaging service that is essential to small businesses, to our operation of families. Now we have a separate Department of Defense internet now, did you know that? No, I'm not finished. I want people to understand my position, I'm not going to take a lot of time.
|
XSS worm spreading through Yahoo webmail

Topic: Technology
2:00 pm EDT, Jun 12, 2006

I just received an email with an html attachment, on a yahoo account. When I opened the mail, yahoo automatically displayed the html, and executed the code within. What the hell. =) It forwarded the message to my contacts list, (or some other set of addresses, dunno,) and redirected my browser to a website.

XSS-based worm spreading through Yahoo's web mail. Looking at an email message causes the XSS to run. The XSS uses AJAX to make an HTTP POST to the URL on Yahoo for sending mail. The worm does this to send email containing the worm to everyone in your address book and sends your address book to a 3rd party. Probably to sell your email address to spammers. This is a great example of XSS+AJAX=BAD! Even if Yahoo mail doesn't use AJAX, the XSS can use AJAX to make requests for you using your credentials.
|
Info on Qwest's phone switches

Topic: Technology
10:16 am EDT, May 31, 2006

Found this while doing some massive crawls. Has links to information about each of Qwest's phone switches like features, activation date, replacement date, etc.

Example of switch lookup
|
USATODAY: NSA tracking nearly every *domestic* phone call in the US

Topic: Technology
12:53 pm EDT, May 11, 2006

Yes, it's true. The NSA asked and is currently receiving telephone call details on nearly every citizen in the US. These aren't international calls, these are calls from someone in the US to someone else in the US. Call details aren't the actual content of the calls. It is things like which number called which, what time the call was made, and how long the call was. Over 200 million people are being tracked *right now* and it's been happening since just after 9/11. There was no warrant, no authorization by the secret FISA court. The NSA just asked Verizon, SBC, AT&T, BellSouth and the like to be a patriot and turn the data over. What do those companies have to say for themselves now? AT&T: "We do not comment on matters of national security, except to say that we only assist law enforcement and government agencies charged with protecting national security in strict accordance with the law." BellSouth: "BellSouth does not provide any confidential customer information to the NSA or any governmental agency without proper legal authority." Verizon: "We do not comment on national security matters, we act in full compliance with the law and we are committed to safeguarding our customers' privacy."

The only major company who didn't comply was Qwest. They wanted some kind of ruling from the FISA court, which normally handles these things... Unable to get comfortable with what NSA was proposing, Qwest's lawyers asked NSA to take its proposal to the FISA court. According to the sources, the agency refused. The NSA's explanation did little to satisfy Qwest's lawyers. "They told (Qwest) they didn't want to do that because FISA might not agree with them," one person recalled. For similar reasons, this person said, NSA rejected Qwest's suggestion of getting a letter of authorization from the U.S. attorney general's office. A second person confirmed this version of events.

When did it become OK for the government to spy on its people?
|
O'Reilly's 'PHP and MySQL'

Topic: Technology
10:41 pm EDT, Apr 2, 2006

Hugh and Dave's Online Wines is not really a winestore. It's an application that demonstrates the concepts of web database applications, and is downloadable source code that you can use freely under this license. It pretends to give customers from around the world the opportunity to buy over 1000 wines that come from more than 300 wineries throughout Australia.

The case study website from O'Reilly's tome on LAMP development. The book is enjoyable with a lovely chapter on securing web applications. Kind of ironic since it took about 45 seconds to find some XSS. Take a peek and see if you can't too.
|
try ruby! (in your browser)

Topic: Technology
12:23 am EST, Mar 29, 2006

Want to learn Ruby? Here's a fun web app which lets you try it inside the browser.
|