AJAX hack

by Daniel M
The article that I read was about how hackers are using AJAX to hack people's computers. Basically, the hackers are using unsuspicious-looking pieces of JavaScript code, similar to that commonly found on legitimate AJAX-using websites, and these scripts fetch the payloads and assemble them back on the client's computer. This technique is called the payload fragmenting technique, and it makes the attack hard for security systems to detect. It is harder to detect because the code that is passing through is legitimate until it is reassembled on the client's hard drive. There are some other layers of the anti-virus software that may detect the attack. The article says that the best way to avoid these attacks is to stay off of websites you do not know and not to click on the links in spam emails.

I found this article interesting because hackers seem to always find new ways to get around anti-virus software. Also, because the packets that are transferred are harmless by themselves, it makes it harder to detect. Attacks at the network level are harder for anti-virus software to detect as it is. This article relates to the class because we were talking about AJAX and I suppose this is another use for it. It also relates because we need to be aware of the possible threats that are out there.

Reference: Constantin, L. (2012, January 5). Ajax-based web exploitation attacks detected in the wild. Retrieved from http://www.infoworld.com/d/security/ajax-based-web-exploitation-attacks-detected-in-the-wild-183308
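
The detection problem described in the post, seen from the scanner's side, as an added example that is not code from the post or the referenced article: a per-response signature check next to one that carries a short tail between responses of the same session. The signatures, session ids and fragments are constructed placeholders, and the example assumes the scanner sees fragment text in the order the page joins it.

```javascript
// Added example, not from the post or the referenced article.
// SIGNATURES and SAMPLE_FRAGMENTS are constructed, harmless placeholders.
const SIGNATURES = ["CONSTRUCTED-TEST-MARKER-0001", "CONSTRUCTED-TEST-MARKER-0002"];
const MAX_SIG_LEN = Math.max(...SIGNATURES.map((s) => s.length));

// Assumed input: response bodies of one page session, in the order they are joined.
const SAMPLE_FRAGMENTS = ["lorem ipsum CONSTRUCTED-", "TEST-MARK", "ER-0001 dolor sit"];

// Per-response scan: each body is inspected on its own.
function scanFragment(body) {
  return SIGNATURES.filter((sig) => body.includes(sig));
}

// Stream-aware scan: keeps the last MAX_SIG_LEN - 1 characters per session,
// so a signature split across consecutive responses is still matched.
class SessionScanner {
  constructor() {
    this.tails = new Map(); // sessionId -> carried-over tail text
  }
  scan(sessionId, body) {
    const tail = this.tails.get(sessionId) || "";
    const joined = tail + body;
    const hits = [];
    for (const sig of SIGNATURES) {
      // Report only matches that reach into the new body, never a repeat from the tail.
      let idx = joined.indexOf(sig);
      while (idx !== -1) {
        if (idx + sig.length > tail.length) { hits.push(sig); break; }
        idx = joined.indexOf(sig, idx + 1);
      }
    }
    const keep = MAX_SIG_LEN - 1;
    this.tails.set(sessionId, keep > 0 ? joined.slice(-keep) : "");
    return hits;
  }
}

// Runs both scanners over the same fragments and returns what each one flagged.
function runDemo(fragments = SAMPLE_FRAGMENTS) {
  const scanner = new SessionScanner();
  const naive = fragments.flatMap(scanFragment);
  const stream = fragments.flatMap((f) => scanner.scan("session-A", f));
  return { naive, stream };
}

console.log(runDemo());
```

Memory per session stays bounded by the longest signature, which is why the tail is kept instead of the whole response history.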


3 thoughts on “AJAX hack”

  1. I find your article a good example of the supposedly unfixable problem that JavaScript has in its design. It also gives an understanding of why Google is pushing hard for its Dart proprietary language. Considering how prevalent JavaScript is on the web through programs like jQuery and AJAX, the more at risk people are from a hacker's grip.

  2. This is actually quite interesting because it seems like finding a fix for it would be nearly impossible. I wonder if this has in any way affected developers in their choice of using AJAX rather than its alternatives.

  3. It's always interesting to hear about the latest in hacking. But you can never be too careful when surfing and browsing the internet. I think that this is a great topic to talk about when you bring up JavaScript and jQuery and AJAX. There are benefits to certain languages and there are flaws, and this is an obvious flaw.
