Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Javascript Malware Targets Intranets


  • Please log in to reply
1 reply to this topic

#1 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,582 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:41 AM

Posted 25 July 2006 - 08:04 AM

...Attackers already use this JavaScript-based malware via cross-site scripting (XSS) to attack public Websites. But Jeremiah Grossman...will demonstrate at next week's Black Hat conference...how this method can just as easily hack into a corporate intranet...Grossman will show how intranets...are prime targets for these JavaScript-based attacks that use XSS to exploit weaknesses in an organization's Web applications and take control of its internal network devices.

darkreading.com
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

BC AdBot (Login to Remove)

 


m

#2 buddy215

buddy215

  • BC Advisor
  • 12,608 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:41 AM

Posted 25 July 2006 - 08:59 AM

The info in this article is disturbing. The way I read this is that there is nothing available in the way of patches or antimalware that can prevent an attack. 80% of web sites are infected and the infection is in the site's app. Even though I use NoScript, if I enable say this sites script I am vulnerable even though I didn't enable any other scripting on this site. If all this is true, then the only protection is unplugging one's computer from the net. and all other computers. Am I misreading something here. Don't want to be Chicken Little.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users