Organizations considering the use of Asynchronous JavaScript and XML (AJAX) technologies to 
create more dynamic Web sites need to ensure they are not inadvertently opening doors into otherwise secure applications, analysts warned. While AJAX by itself doesn’t create new security risks, it has a tendency to amplify the seriousness of several well-understood threats, including SQL injections, cross-site scripting and denial-of-service attacks, they said.
A case in point is this week’s mass-mailing Yamanner worm, which took advantage of an apparent cross-site scripting error in Yahoo Inc.’s e-mail service to infect thousands of computers. The worm arrived in Yahoo e-mail user in-boxes bearing the subject header "New Graphic Site" and was activated simply by a user opening the infected e-mail. AJAX can amplify security threats, analysts say
From around the Web
- Windows Vista Service Pack 2 Latest Release Schedule
- Vista SP2: What is inside?
- NetWitness releases free version of security software
- Three Reasons Why Users Won’t Buy Into Security
- Automated security testing & its limitations
- Google Wants to Preinstall Chrome Browser on PCs
- Mozilla warns of Firefox China add on
- Firefox No Longer an Automatic Defense Against Browser Drive Bys
- Google patches Chrome file stealing bug
- Apple plays catch up, adds anti fraud safeguard to Safari
- Researchers find vulnerability in Windows Vista
- How to Use Network Behavior Analysis Tools
- The insider security threat in IT and financial services
- Windows 7 security: An overall improvement?
- Windows 7 UAC could be less of a nag
0 comments for this entry ↓
There are no comments yet for this entry.
You must log in to post a comment.