Johannes Ernst's Blog

About

Biographical information is here.

Leave me a message.

Categories

All(699)

Most recent posts
Congratulations... (Dec 27, 2008) OpenID Could Be The New Visa (Dec 16, 2008) Final Candidates for OpenID Foundation Board (Dec 09, 2008) Follow-up to "What is Wrong With This OpenID Picture?" (Dec 08, 2008) Objectives for the OpenID Foundation in 2009 (Dec 08, 2008) What is Wrong With This OpenID Picture? (Dec 04, 2008)

Really Scary Web Hacking Demo

Sep 25, 2006
[permanent link]

If you are a techie, I highly recommend you look at the presentation "JavaScript malware just got a lot more dangerous" by Jeremiah Grossman and T.C. Niedzialkowski from WhiteHat Security, Inc. An MP4 recording of the demo is here.

Wow, is this scary! They are demonstrating how to completely hijack a user's browser session without the user noticing, and running things like keystroke loggers right in the browser, re-configuring the user's firewall, attacking other servers on the user's intranet, print on the user's printer, and sweet stuff like that. Without using any browser exploits! And without leaving any trace because the JavaScript and other content just goes away after the browser is closed.

Missing 10,000 dollars in your bank account, but your bank's website says it's still in your account? That's the kind of thing ...

[permanent link] Add to [del.icio.us]

This work is licensed under a Creative Commons License. However, NetMesh, Situational, LID, Light-Weight Identity, and InfoGrid are trademarks or registered trademarks of R-Objects Inc., doing business as NetMesh Inc. and no rights to trademarks are granted. For the purposes of attribution, the author is "Johannes Ernst" and attribution shall provide a (clickable, where possible) URL to this site.