The new threat is JavaScript Malware. Unlike platform-dependent viruses, JavaScript Malware runs cross-platform in a browser. Google could be profiling users of its social networks. Self-replicating JavaScripts automatically exploit web sites vulnerable to XSS. They turn your browser into a public open proxy, perform keylogging, steal your data from private web sites you run on localhost, steal Google search queries, track the sites you visited, exploit your browser's cache to get secret information (credit card numbers, social numbers, passwords, etc.), spoof URIs using International Domains with Unicode (phishing), and that's just the beginning.
Social Networks are Open for profiling
Wikipedia record
JavaScript Malware for a Gray Goo Tomorrow
Analysis of Web Application Worms and Viruses
Content Crawling: A Wolf Among Lambs
Ajax (in)security
The Phuture of Phishing
O'Reilly record
Web Application Hacking
Web Application Security Consortium Officer
Using RSS and Atom Feeds As Attack Delivery Systems
The Latest in Internet Attacks
DNS Pinning / Rebinding Attacks
Stanford Web Security Research (index)
Web Application Security Consortium
ha.ckers.org - security weblog
Web Application Security weblog - check the archive
It's a shampoo world anyway
CGI security
Anti-Virus software is still not ready to protect you against malicious web content. Nothing can reliably filter arbitrary JavaScript code snippets from (X)HTML, XML and CSS. These extensions can at least prevent your browser's cache from being exploited, protect against your browser being turned into a public open web proxy, make it harder to get your history stolen, protect against cookie hijacking (for SSL-enabled web sites that send cookies unencrypted), make it harder to spoof URIs using International Domains in Unicode, and possibly more. Assuming you already know Adblock, NoScript and Flashblock, I don't mention their links.
LocalRodeo
Client-side protection against JavaScript malware that can access your private web sites on localhost.
SafeCache
Segments the cache on the basis of the originating document, defending against web privacy attacks that remote sites can use to determine your browser history at other sites.
SafeHistory
Restricts the marking of visited links on the basis of the originating document, defending against web privacy attacks that remote sites can use to determine your browser history at other sites.
IDND
Puts a little flag in the status bar that tells you whether you are visiting a Traditional Domain Name (green TDN) or an International Domain Name (UN-blue IDN).
What web application do you trust?