AJAX Security

This new technology has many security implications, from the persistence of executable artifacts by Web 2.0 apps to the opening of the security door by plugins like Flash.
Resources
I'm Todd Davis, CEO of LifeLock. This is my social security number 457-55-5462
"Yes, that really is my social security number. No I'm not crazy. I'm just sure our system works. Just like we have with mine, LifeLock will make your personal information useless to a criminal. And it's ONE MILLION DOLLARS GUARANTEED."
Here at LifeLock, We Guarantee Your Good Name. No one else does because no one else can.
Sites that allow for the persistence of executable artifacts -- JavaScript scripts and Flash files -- can provide a leading wedge for AJAX worms and viruses. Many of these same sites have various forms of messaging, such as email. If you can push the buttons on these apps, you don't have to make cross-domain XHR calls at all. So, is an application like Yahoo or Google mail "scriptable" enough to allow this sort of subversion?
Just because they say they know Ajax doesn't mean they do. Check the qualifications of your trainers.
Major hole, mandatory upgrade and some details on the exploit.
A Flash/AJAX worm has been laying waste to MySpace. Not all that much has changed in the browser, yet we seem to be so much more vulnerable than even a year ago. What gives?




