JavaScript Malware Open The Door to the Intranet

An anonymous reader writes "C|Net is reporting that JavaScript malware is opening the door for hackers to attack internal networks. During the Black Hat Briefings conference Jeremiah Grossman (CTO, WhiteHat Security) '...will be showing off how to get the internal IP address, how to scan internal networks, how to fingerprint and how to enter DSL routers ... As we're attacking the intranet using the browser, we're taking complete control over the browser.' According the the article, the presence of cross-site scripting vulnerabilities (XSS) dramatically increase the possible damage that can be caused. The issue also not which-browser-is-more-secure, as all major browsers are equally at risk. Grossman says 'The users really are at the mercy of the Web sites they visit. Users could turn off JavaScript, which really isn't a solution because so many Web sites rely on it.'"

JavaScript Malware Open The Door to the Intranet

[Ohreally_factor]

Caveman Zonk edit headline bad.

Re:JavaScript Malware Open The Door to the Intrane

[Exatron]

Me, Grimlock, like headline. No want it change.

NCSA Mosaic avoids this problem

[shwonline]

Ah, the simpler days of gray backgrounds and Times New Roman. None of these fancy tables, neither. And we had to walk 5 miles to school, uphill, in snow up to our hips. And 10 miles uphill to get back home. Kids today with their fancy JavaScript. No appreciation, none at all.

Oh well, let's prevent people doing their jobs

[Flying pig]

Because it worked so well for the KGB. KGB agents planted by photocopiers to ensure the wrong documents didn't get copied. Typewriters with unique typefaces in a single nonstandard size so that official documents couldn't be faked. Yes, if you are restrictive enough eventually you can bring everything crashing to a halt. However, the concept that everything is forbidden except what is compulsory has hardly proven the most successful business paradigm. IT is supposed to be an enabling technology, not a disabling technology. The sudden focus on security has brought to the fore all the anal retentives who secretly want to stop people doing things, and now have a justification for doing it.

The answer with all these technologies is to get away from the "everything is permitted, everything links to everything else" model that Microsoft promoted till it ran into trouble, and work out a way of implementing security policies that are comprehensible and that work.

Re:JavaScript Malware Open The Door to the Intrane

[Anonymous Coward]

I'll have the roast duck, with the mango salsa...

Re:JavaScript Malware Open The Door to the Intrane

[Ohreally_factor]

Your grammar frightens and confuses me.