AJAX Archive

Possible AJAX Malware Threats

by Alexander H
Security has always been a major issue for many. Unfortunately, with recent software advancements, it has become even more difficult to maintain and secure potential threats to computers. According to M86 Security, a Web filtering vendor, recent exploitation attacks have been found using AJAX (Asynchronous JavaScript and XML). “These Web exploitation attacks use AJAX to fragment the payload into small pieces of code that are harder to detect by antivirus programs and intrusion prevention systems” (Constantin). The attack initially begins on the page that contains the harmful piece of JavaScript code that resembles those found on legitimate AJAX-using sites. The piece of code retrieves the payload in multiple chunks and assembles it back together on the client before executing. This technique makes it difficult for security programs to detect the attack due to the exploited vulnerability. Malware authors tend to use AJAX due to its ability to write generic attack pages, which often look like normal pages. It is recommended that users stay away from sites or web resources they are not familiar with to avoid any potential threat.

AJAX hack

by Daniel M
The article that I read was about how hackers are using AJAX to hack people’s computers. Basically, what the hackers are doing is putting in unsuspicious pieces of JavaScript code that are similar to those commonly found on legitimate AJAX-using websites, and then these JavaScripts are fetching the payloads and assembling them back on the client’s computer. This technique is called the payload fragmenting technique, and it makes it hard for security systems to detect. It is harder to detect because the code that is passing through is legitimate until it is reassembled on the client’s hard drive. There are some other layers of the anti-virus software that may detect the attack. The article talks about how the best way to avoid these attacks is to stay off of websites you do not know and don’t click on the links in spam emails.

Ajax and Web Applications

by Jorge R
My article this week talks about the background and benefits of Ajax. The word Ajax comes from (Asynchronous JavaScript and XML), which was founded in 2005. A lot of interest was sparked when it first came out, due to the ability to code rich interaction with the client side, which mimicked a desktop application. Its popularity spans to popular applications such as: “…Google Maps, Google Suggest, Gmail, Yahoo Mail and Windows live”. The effectiveness to mimic desktop applications in a web browser attracted users because the independent application did not need to be installed on the computer itself. The only limitation to use the application is the ability to have internet access. One of the biggest pioneers to move desktop applications to the web was Google Docs. This allowed users to create and write office documents on the go without any installation to their computer. This effective use of Ajax sparked the interest of other programmers to start coding their own applications; this led to a misconception that Ajax is a new language or technology. Ajax is a new method of thinking, designing, and a new style to program web applications. As explained in the article, “…Ajax is a new technique that uses a set of open standards technologies, with support by cross-browser and cross-platform compatibility”. Some of the advantages of using Ajax are the cross compatibility and rich user interaction. But these features come at a cost: they suffer from the same security problems from web applications and are JavaScript heavy.

AJAX Web Attacks, Futility of Anti-Virus

by Vincent S
AJAX is an acronym for Asynchronous JavaScript and XML. It is a technology meant to combine various other web development technologies such as HTML and CSS in order to give greater options to developers. This week in class, we introduced the concepts of JavaScript and AJAX and are implementing them in project 2. For that reason, I decided to report on an article this week I found in PCWorld magazine warning of the dangers associated with AJAX websites. Like with most technologies, hackers have found ways to inject AJAX with malicious code in order to exploit backdoor vulnerabilities. In recent cases, security experts have discovered a server in China that injects normal websites that contain AJAX code with malicious JavaScript code. The point in performing the attack in this manner is so the malicious code will be disguised with typical AJAX code found on any website containing AJAX. In attempts to further hide the malicious code, the AJAX attack disrupts the workload of a host PC as it interacts with scripts in the website. Malicious code is segmented into pieces and is reassembled before being executed by the client.

Enhance your website with ASP.NET AJAX Extensions

by Shahravi
We have been learning about ASP.NET for about the past two weeks. For this week’s blog, I’ve decided to talk about the article which talks about how to enhance your website with ASP.NET AJAX extensions. AJAX, which stands for Asynchronous JavaScript and XML, is one of the most hyped technology acronyms around. We didn’t learn much about AJAX in the class, so I’ll list some details about it here. One of the biggest advantages of AJAX is that page refreshing is minimized, which allows users to get the information they need quickly and easily through a more rich and functional interface. AJAX does this by using JavaScript and an XMLHttp object to send data asynchronously from the browser to the web server and back. This is very useful if you have a complex website. ASP.NET AJAX extensions provide developers with a simple way to add AJAX functionality into any ASP.NET website. This article is technical.

Google Now Indexing Facebook for Comments

by Cary C
This article brings to light that Google is now indexing all pages that are using AJAX and JavaScript. This effect will be very noticeable for sites such as Facebook that use these technologies for comments. Essentially this will mean that any comments you make on Facebook in the public forums are now indexed. This will also apply to users of sites such as Facebook that do not have their profiles set to private. While Google insists that the data they are indexing and making searchable was already public information on the Internet, many users are concerned that their privacy is being violated.

AJAX, not as promising as it looked like.

by Salvador A
With the recent increase in bandwidth size, one thing that did not get a boost was Ajax. There was an expected boost in performance when bandwidth sizes would get better and this would have happened to benefit Ajax style applications, but this is not the case. The major problem is dealing with the fact that there are too many problems that are occurring for the Ajax team to fix on their own. They would need the help of the actual browser companies to help back them and have both sides of the developing teams move towards a common goal that would help them out. This is not the case, since Microsoft is backing its own web application type (Silverlight) and the Mozilla team just does not have the manpower to crank them out themselves. And with other products out there as alternatives such as Adobe Air and Silverlight, it seems as if Ajax will not be in the major spotlight again.

Google Now Indexes Facebook Comments: Paranoid Can Relax

by Bach B
Do you ever want to search for some specific comments of some Facebook users? If yes, Google makes your dream come true. How? Google is now indexing AJAX and JavaScript content, which means pages that use this programming, for example, Facebook comments, are now open to being searched. Then, some strangers can search your comments on Facebook anytime they want, can’t they? It is not entirely true. Google’s bots are still unable to see comments left on private pages, such as your Facebook wall (let’s assume you have your privacy settings in place) and your friends’ Facebook walls (again, let’s assume they have their privacy settings in place). On the other hand, Google’s bots can now see comments you’ve posted in public forums, which include websites that use the Facebook commenting system, as well as public pages on Facebook itself. For example, if you posted something like “that chick is hot” on your friend’s wall, and his/her page appears to the public, then your comment will now be searchable. You might think that breaches your privacy, but that comment would have technically been public all along, but now it’s just a little easier to find.

AJAX Exploitation used to bypass security Filters!

by Stephen O
Researchers have detected a new exploit, this time using AJAX or “Asynchronous JavaScript and XML” to meet their insidious ends. “Ajax (Asynchronous JavaScript and XML) is a method of building interactive applications for the Web that process user requests immediately. Ajax combines several programming tools including JavaScript, dynamic HTML (DHTML), Extensible Markup Language (XML), cascading style sheets (CSS), the Document Object Model (DOM), and the Microsoft object, XMLHttpRequest.” (SearchWinDevelopment, 2007) Basically, it allows websites to show people dynamic content, for example Google Maps. When you move around the map, it automatically loads new areas. Unlike traditional web pages that simply load content and then disconnect from the web server until the user makes a request, AJAX remains connected to the web server and when new data is required, it requests it on the fly. Using our Google Maps example, let us say we are looking over the Los Angeles area; we can scroll southward towards San Diego and the map starts loading more terrain on our digital trip south, all thanks to AJAX.

Speed Matters

by Joeydes M
Summary:

This article basically talks about the performance gains that an AJAX enabled website offers. The author interviewed two developers and one was quoted saying, “It’s not so much about technology as it is about the way you think about building your Website. AJAX is about being able to deliver a more dynamic experience to your users” (Garrett). The author then expands on that idea by talking about the independent exchange of data for the client user. As people know already, AJAX is a client side component of the ASP.NET toolkit, and that in turn produces more speed and performance for the end user. The author also mentioned how AJAX could help the checkout process for customers using sites like eBay or Amazon. When checkout takes too long people will inevitably abandon their purchase. The “faster” the checkout process is the better. The author also talked about how AJAX works; it wasn’t in great detail but a brief overview about the hidden engine it loads on the client side to enable the client side processing and resource use.