Magazine article Security Management

Antisocial Networking Sites

Article excerpt

THE NEXT TIME YOU VISIT a Web site on which users contribute much of the content--say, social networking sites like Myspace or photo-sharing sites like Flickr--be aware that some of the content other users are contributing may be malicious.

This malicious content uses simple JavaScript code that can be placed on a Web site. These attacks are particularly dangerous because they take advantage of the way the code is meant to work.

JavaScript is a programming language used on Web sites for simple functions such as opening a pop-up window or causing a button to change when the cursor moves across it. It can be embedded in a Web page's HTML code, and, like HTML, JavaScript runs in the Web browser, not on the server, so it doesn't need to exploit a computer vulnerability or an unpatched browser.

Billy Hoffman, lead research engineer at SPI Labs, says that SPI has created a proof-of-concept JavaScript scanning tool that determines the IP address of the computer it's on and then scans to see what other devices--Web servers, wireless routers, and so on--are on that network. Another part of the JavaScript code then looks at images it finds on those devices; since many Web servers contain images of a standard size and name, locating images of specified sizes and names allows the server to be fingerprinted. All of this information can be sent back to a third party, again simply by using JavaScript functionality that reaches out to other Web sites for images. …
