JavaScript opens doors to browser-based attacks

Security researchers have found a way to use JavaScript to map a home or corporate network and attack connected servers or devices, such as printers or routers.

 

The malicious JavaScript can be embedded in a Web page and will run without warning when the page is viewed in any ordinary browser, the researchers said. It will bypass security measures such as a firewall because it runs through the user's browser, they said.

 

Read the full article JavaScript opens doors to browser-based attacks (CNET.com)

4 thoughts on “JavaScript opens doors to browser-based attacks”

  1. Hey guys!
    I'm barely new in web server administration. Well, my job description doesn't say anything about servers, but I'm maintaining a website and an intranet for my company.
    My boss wants me to enable a hyperlink in our website so users can connect to the intranet from everywhere. What are the potential risks if we open this door?
    I'd really appreciate your help.
    Thanks!
    Walter Rios

  2. Hi Walter,
    This is Will O'Neill, the Webmaster of HealthyOntario.com – I work for Prescient (Toby's company) and he asked me to address your question briefly.
    I don't know enough about your situation to answer in detail or make suggestions, but in general terms the risk increases considerably – instead of having a firewall that blocks this kind of traffic absolutely, as a closed intranet would likely have, you'll now have to lower that barrier and set up an authentication system for users at the gate. The risks, of course, are hackers who can read, alter or destroy data, as well as potentially introduce viruses to your system.
    One piece of advice I can offer is to enforce a strong password discipline among users – this means mandatory case-sensitive passwords that must use a combination of letters and numerals in nonsense combinations. This will offer resistance against programs that attempt to determine passwords.
    The bottom line is that it is a risk, but you have to weigh it against the need in your organization and also consider the resources you're prepared to commit to security solutions on both a software and hardware level.
    Good luck with your research!
    Will O'Neill
    woneill@prescientdigital.com

  3. Will
    Thank you very much for the information!
    I need to put this on the table before we deploy this idea.
    Very nice website by the way.
    I hope to maintain contact for future reference and feedback.
    wriostamez@hotmail.com
