Web 2.0 is vulnerable to attack
Security researchers have found what they say is an entirely new kind of web-based attack, and it only targets the Ajax applications so beloved of the 'Web 2.0' movement.
Ajax is a way of designing web applications where data is transferred to and from the web site in the background of the page, without the need for a full page refresh when the user interacts with it. It give web apps the feel of desktop apps, and is used in applications such as Gmail.
By exploiting JavaScript hijacking vulnerabilities, attackers would be able to, for example, retrieve email from a victim's Gmail inbox, or gain access to any data that could be sent them via and Ajax app.
Vulnerable frameworks include: Microsoft ASP.NET AJAX (aka. Atlas), XAJAX and Google Web Toolkit, Prototype, Script.aculo.us, Dojo, Moo.fx, jQuery, Yahoo! UI, Rico, and MochiKit.
3 votes
