22 March 2007

Tool turns unsuspecting surfers into hacking help

"A security researcher has found a way hackers can make PCs of unsuspecting Web surfers do their dirty work, without having to actually commandeer the systems.

That's possible with a new security tool called Jikto. The tool is written in JavaScript and can make PCs of unknowing Web surfers hunt for flaws in Web sites, said Jikto creator Billy Hoffman, a researcher at Web security firm SPI Dynamics. Hoffman, who developed the tool as a way to advance Web security, plans to release Jikto publicly later this week at the ShmooCon hacker event in Washington, D.C.

JavaScript plays a major role in the Web 2.0 boom, which is causing a splash as it stretches the boundaries of what Web sites can do. But malicious JavaScript, especially in combination with the increasingly common Web site security flaws, could lead to insidious Web-based attacks, security experts have said.

Right now, Jikto only crawls and detects vulnerabilities. Hoffman is working on a next version that can also exploit vulnerabilities and extract data. That version may be presented at the Black Hat security conference in Las Vegas this summer, he said."

Click on the link below for the full article:

http://news.zdnet.com/2100-1009_22-6169034.html
