SimplyBuzz

“Your browser can be used to hack internal networks”, security researchers have found a way to use JavaScript to map a home or corporate network and attack connected servers or devices, such as printers or routers.

JavaScript has been around since the early of the internet revolution and has been widely used in almost all of the websites to power the dynamic UI[?], tracking visitors, while the latest web 2.0 application mostly utilizing AJAX [?].

It may cause havoc like the untrusted parties using ActiveX to plant their spyware, adware and worms as happened to unsecured browser, like Microsoft Internet Explorer. The worst situation here is, everybody using the browser with 100% support to JavaScript. So the situation is everybody here now vulnerable!

What are the JavaScript capable of?

• bypass security measures such as a firewall because it runs through the user’s browser
• scan a network, fingerprint all the Web-enabled devices found and send attacks or commands to those devices
• scan networks protected behind firewalls such as corporate networks
• scan your home network, detect a router model and then send it commands to enable wireless networking and turn off all encryption
• the malicios attack launched by using “image object” inside JavaScript.
  

It is possible to prevent this threat?
It’s just like on the early age of the internet, who needs firewall, antivirus, anti-spyware or any anti-what so ever… then a few years after that spam, pop-up, badware[?], virus, and worms comes into the playground. Then all the cleaner, blocker, and etc. tools are being developed to fight the threat.

Possilbly in the future the antivirus or firewall will also blocking malicios attemp from the websites JavaScript. In the meantime, the JavaScript might be patched to close the possible security flaw.

Share This