Whole Network AJAX Basics conference E-Commerce Monthly Contest Programming Security

« HP gets Ajax tools in its... | Main | Vulnerability reported in... »

 

JavaScript hijacking can hijack web browser session

Filed in archive Security by gautam on April 2, 2007

javascript hijacking.gif
JavaScript vulnerability has been reported by Fortify which enables to hack IE or Mozilla web browser session. Dubbed as JavaScript hijacking the vulnerability can be exploited in Web 2.0 applications using AJAX or Microsoft Atlas or GWT and other open source tools. The security vendor has the specific attack code and along with an advice as to how the vulnerability can be corrected.

Brian Chess, Chief scientist, Fortify stated:

Fortify has identified JavaScript hijacking attack code to exploit the Microsoft browser as well, but is refraining from currently making that publicly available. We figured out how this attack is possible and we need to educate software developers on it.


The security vendor has recommended that all programs communicating using JavaScript should take defensive steps such as session identifiers as part of each request returning JavaScript. This would entirely defeat the purpose of forgery attacks. Check the advisory issued by Fortify out here.







Permalink: JavaScript hijacking can hijack web browser session
Tags: javascript  hijacking  java  javascript  vulnerability  ajax  javascript+hijacking  browser+session 

Trackback: http://www.creative-weblogging.com/cgi-bin/mt-tb.pl/61253

Bookmark this entry:

img Addthis img Ask img Blinklist img del.icio.us img Digg img Fark img Facebook img Google img Lycos img Ma.gnolia Add this page to Mister Wong Mr Wong img Netscape img Netvousz img Newsvine img Reddit img StumbleUpon img Slashdot img Tailrank img Technorati img Wink img Yahoo

Related Entries:

Werte aus Flash an PHP und JavaScript senden - 14 January 2007

Browser-Spion - 10 April 2007

Die besten Tutorials zu PHP, CSS, JavaScript, DHTML, AJAX ..... - 07 April 2007

Microsoft Examination of JavaScript Has Standards Implicatio... - 12 November 2007

Skyfire Launches Mobile Browser with Flash, Ajax and Java Su... - 29 January 2008

JavaScript 测试:Firefox 3 性能大为提升 - 29 February 2008

JavaScript-Browser-Weiche - 23 April 2008





RSSrss   | See all blog subscribe options
Google google   |   What is RSS?
Yahoo! yahoo
Addthis Subscribe using any feed reader!
Bloglines Bloglines
Newsletter
Grouptivity

Use the search to look for other interesting posts



 

  • Advertise with us

  • Learn more about our advertising options or email advertising - at - creative-weblogging.com or give us a call at +1 (650) 331 4900.


  • Testimonials

  • 'Great looking blog. Good quality posts with useful information.'


  • Other blogs in the same channel in the Creative Weblogging Network







 

Find other popular posts from our other blogs:

On Storage

200GB laptop drives for Q3

1TB of free online storage

Reactive Maintenance

1TB - Portable, LaCie Little Big Disk...

OpenSolaris Storage keeps rolling along

BlogWealth

AOL Woes Hit Bloggers

Tell All About Your New iPhone?

The Ultimate List of CPM Networks

Blog Network Sued

Tips For Getting Blogging Jobs

Nanotechbuzz

And the 2006 nanotech product of the...

Bullet-proof t-shirt uses carbon...

The coming age of nanosensors

Amazing 2008 Beijing Olympics Opening...

Hummer O2 beats nano-cars to win Design...

The VoIP Weblog

FreeCall from Finarea with 36 Free...

magicJack - enjoy cheap VoIP calls with...

VoIP/Broadband Internet Accelerator: A...

Send free SMS to cell phones worldwide...

AT&T and Yahoo Launch Co-Branded...

Googlestack

Common MapReduce misconceptions

Columns versus Rows

Hypertable installation guide.

Open-source alternatives to BigTable

KFS at Quantcast

HackITLinux

Run Linux With Gmail

Mac OS X Dock for Linux

"Photoshop" Linux version

Sony Mylo Built On Qtopia Linux

10 Helpful Linux Commands

About the company | Advertise with us | Disclaimer | Privacy Policy | Refund/Return Policy

All Creative Weblogging sites are built in accordance with the Google Webmaster Guidelines and IAB guidelines.

Tagcloud: AJAX Application Development Awards Basics Business conference E-Commerce Management Mobile Devices mobile phones Monthly Contest Personal Programming Security Service Oriented Architectures Sponsored Posts updates Web Services