Billy Hoffman: 'Would you like a destoyed Internet with your JavaScript?'
Topic: Computer Security
1:29 pm EDT, Mar 26, 2007
A security researcher at ShmooCon on Saturday demonstrated, but did not release, a tool that turns the PCs of unknowing Web surfers into hacker help.
As expected, SPI Dynamics researcher Billy Hoffman demonstrated a Web application vulnerability scanner written in JavaScript. The tool, called Jikto, can make an unsuspecting Web user's PC silently crawl and audit public Web sites, and send the results to a third party, Hoffman said.
"The whole point was to show how scary cross-site scripting has become."
"Once one person has talked about the ability to do it, it doesn't take that long for somebody else to come up with it," said one ShmooCon attendee who asked to remain anonymous. "It will come out."
This week on Reflection we have a very young guy from the webappsec field.
Billy’s knowledge on Ajax is tremendous ... his ability to think differently has helped him achieve so much in such a short time.
I got a chance to meet with him in the WASC meetup at RSA. He is a very lively character. Let me put it this way, if billy is a part of a conversation, you won’t get bored even if you just stand there and listen.
Billy got an amazing amount of press out of this one. Google is up to 74,000!
YouTube - Boston Ad Prank Suspects Talk About ... Hair
Topic: Business
9:56 pm EST, Feb 13, 2007
I missed this when it happened, but apparently the two guys who put up the ATHF figures in Boston were arrested and gave a press conference after the fact where they refused to talk about anything except hair.
I love it when the media is warped back on itself.