AJAX hack

by Daniel M
The article that I read was about how hackers are using AJAX to hack people’s computers. Basically what the hackers are doing is putting unsuspicious pieces of JavaScript code that are similar to that commonly found on legitimate AJAX-using websites and then these JavaScripts are fetching the payloads and assembling them back on the client’s computer. This technique is called the payload fragmenting technique and it makes it hard for security systems to detect. It is harder to detect because the code that is passing through is legitimate until it is reassembled on the client’s hard drive. There are some other layers of the anti-virus software that may detect the attack. The article talks about how the best way to avoid these attacks is to stay off of websites you do not know and don’t click on the links in spam emails. read more...


Ajax and Web Applications

by Jorge R
My article this week talks about the background and benefits of Ajax. The word Ajax comes from (Asynchronous JavaScript and XML), which was founded in 2005. A lot of interest was sparked when it first came out, due to the ability to code rich interaction with the client side, which mimicked a desktop application. Its popularity spans to popular applications such as: “…Google Maps, Google Suggest, Gmail, Yahoo Mail and Windows live”. The effectiveness to mimic desktop applications in a web browser attracted users because the independent application did not need to be installed on the computer itself. The only limitation to use the application is the ability to have internet access. One of the biggest pioneers to move desktop applications to the web was Google Docs. This allowed users to create and write office documents on the go without any installation to their computer. This effective use of Ajax sparked the interest of other programmers to start coding their own applications; this led to a misconception that Ajax is a new language or technology. Ajax is a new method of thinking, designing, and a new style to program web applications. As explained in the article, “…Ajax is a new technique that uses a set of open standards technologies, with support by cross-browser and cross-platform compatibility”. Some of the advantages of using Ajax are the cross compatibility and rich user interaction. But these features come at a cost: they suffer from the same security problems as web applications and are JavaScript heavy. read more...


AJAX Web Attacks, Futility of Anti-Virus

by Vincent S
AJAX is an acronym for Asynchronous JavaScript and XML. It is a technology meant to combine various other web development technologies such as HTML and CSS in order to give greater options to developers. This week in class, we introduced the concepts of JavaScript and AJAX and are implementing them in project 2. For that reason, I decided to report on an article this week I found in PCWorld magazine warning of the dangers associated with AJAX websites. Like with most technologies, hackers have found ways to inject AJAX with malicious code in order to exploit backdoor vulnerabilities. In recent cases, security experts have discovered a server in China that injects normal websites that contain AJAX code with malicious JavaScript code. The point in performing the attack in this manner is so the malicious code will be disguised with typical AJAX code found on any website containing AJAX. In attempts to further hide the malicious code, the AJAX attack disrupts the workload of a host PC as it interacts with scripts in the website. Malicious code is segmented into pieces and is reassembled before being executed by the client. read more...


Enhance your website with ASP.NET AJAX Extensions

by Shahravi
We have been learning about ASP.NET for about the past two weeks. For this week’s blog, I’ve decided to talk about the article which talks about how to enhance your website with ASP.NET AJAX extensions. AJAX, which stands for Asynchronous JavaScript and XML, is one of the most hyped technology acronyms around. We didn’t learn much about AJAX in the class, so I’ll list some details about it here. One of the biggest advantages of AJAX is that page refreshing is minimized, which allows users to get the information they need quickly and easily through a more rich and functional interface. AJAX does this by using JavaScript and an XMLHttp object to send data asynchronously from the browser to the web server and back. This is very useful if you have a complex website. ASP.NET AJAX extensions provides developers with a simple way to add AJAX functionality into any ASP.NET website. This article is technical. read more...


Google Now Indexing Facebook for Comments

by Cary C
This article brings to light that Google is now indexing all pages that are using AJAX and JavaScript. This effect will be very noticeable for sites such as Facebook that use these technologies for comments. Essentially this will mean that any comments you make on Facebook in the public forums are now indexed. This will also apply to users of sites such as Facebook that do not have their profiles set to private. While Google insists that the data they are indexing and making searchable was already public information on the Internet, many users are concerned that their privacy is being violated. read more...


AJAX, not as promising as it looked like.

by Salvador A
With the recent increase in bandwidth size one thing that did not get a boost was Ajax. There was an expected boost in performance when bandwidth sizes would get better and this would have happened to benefit Ajax style applications, but this is not the case. The major problem is dealing with the fact that there are too many problems that are occurring for the Ajax team to fix on their own. They would need the help of the actual browser companies to help back them and have both sides of the developing teams move towards a common goal that would help them out. This is not the case, since Microsoft is backing its own web application type (Silverlight) and the Mozilla team just does not have the manpower to crank them out themselves. And with other products out there as alternatives such as Adobe AIR and Silverlight it seems as if Ajax will not be in the major spotlight again. read more...


Google Now Indexes Facebook Comments: Paranoid Can Relax

by Bach B
Do you ever want to search for some specific comments of some Facebook users? If yes, Google makes your dream come true. How? Google is now indexing AJAX and JavaScript content, which means pages that use this programming, for example, Facebook comments, are now open to being searched. Then, some strangers can search your comments on Facebook anytime they want, don’t they? It is not entirely true. Google’s bots are still unable to see comments left on private pages, such as your Facebook wall (let’s assume you have your privacy settings in place) and your friends’ Facebook walls (again, let’s assume they have their privacy settings in place). On the other hand, Google’s bots can now see comments you’ve posted in public forums, which include websites that use the Facebook commenting system, as well as public pages on Facebook itself. For example, if you posted something like “that chick is hot” on your friend’s wall, and his/her page is public, then your comment will now be searchable. You might think that breaches your privacy, but that comment would have technically been public all along; now it’s just a little easier to find. read more...


AJAX Exploitation used to bypass security Filters!

by Stephen O
Researchers have detected a new exploit, this time using AJAX or “Asynchronous JavaScript and XML” to meet their insidious ends. “Ajax (Asynchronous JavaScript and XML) is a method of building interactive applications for the Web that process user requests immediately. Ajax combines several programming tools including JavaScript, dynamic HTML (DHTML), Extensible Markup Language (XML), cascading style sheets (CSS), the Document Object Model (DOM), and the Microsoft object, XMLHttpRequest.” (SearchWinDevelopment, 2007) Basically, it allows websites to show people dynamic content, for example Google Maps. When you move around the map, it automatically loads new areas. Unlike traditional web pages that simply load content and then disconnect from the web server until the user makes a request, AJAX remains connected to the web server and when new data is required, it requests it on the fly. Using our Google Maps example, let us say we are looking over the Los Angeles area; we can scroll southward towards San Diego and the map starts loading more terrain on our digital trip south, all thanks to AJAX. read more...


Speed Matters

by Joeydes M
Summary:

This article basically talks about the performance gains that an AJAX enabled website offers. The author interviewed two developers and one was quoted saying, “It’s not so much about technology as it is about the way you think about building your Website. AJAX is about being able to deliver a more dynamic experience to your users” (Garrett). The author then expands on that idea by talking about the independent exchange of data for the client user. As people know already, AJAX is a client side component of the ASP.NET toolkit, and that in turn produces more speed and performance for the end user. The author also mentioned how AJAX could help the checkout process for customers using sites like eBay or Amazon. When checkout takes too long people will inevitably abandon their purchase. The “faster” the checkout process is the better. The author also talked about how AJAX works; it wasn’t in great detail but a brief overview about the hidden engine it loads on the client side to enable the client side processing and resource use. read more...


Not your mother’s AJAX

by Rafael F
The article I researched has to do with AJAX and its benefits in the web applications developing industry. This article was written several years ago when AJAX was first introduced but promised readers and developers that AJAX was the way to go when developing web application interfaces. I chose this article as it served the purpose of confirming what we are learning in class right now. When preparing a web application sometimes it seems as if using standard HTML would be a lot easier to statically get the results that we are looking for. I know that for the second milestone of our course this was the case for me. I soon realized the static code was not as efficient as other languages could be. The same goes for building the web app interface.  read more...


JavaScript Causes Security Concerns

by Jonathan F

Websites have become more interactive thanks to JavaScript, but many are concerned that this scripting language can cause security issues. Web 2.0 has allowed Web sites to create a better user experience, and JavaScript takes advantage of this. Malicious JavaScript and Web site security flaws can lead to a security attack. JavaScript is a scripting programming language that was created in 1995 and is best known for its use in Web sites. Although the name has Java in it, it is not the same as Sun Microsystems’ Java. Now with Web 2.0, Web sites have become more interactive and a programming technique called AJAX has introduced more JavaScript in Web sites. David Wagner, a computer science professor at the University of California Berkeley, said that JavaScript creates a major disaster because it can be used in malicious ways. There have been a number of worms that have been created using JavaScript. A malicious script could be embedded in Web pages and run on its own without the user even knowing. Malicious script could even be placed in Web sites through a flaw known as cross-site scripting. The best way to avoid malicious JavaScript is to disable JavaScript on your browser; the only problem with this is that a lot of Web sites won’t run correctly with JavaScript disabled. It is the responsibility of Web site operators to validate the JavaScript they use and try to avoid cross-site scripting. Malicious JavaScript has been around for a while but it has not been a major security issue until recently, because Web 2.0 and AJAX have made JavaScript a popular language to create interactive Web pages. read more...
