RE: using AJAX to spy on users

2005-08-25 Thread Dawson, Michael
From: Jochem van Dieten [mailto:[EMAIL PROTECTED] Sent: Thursday, August 25, 2005 5:15 AM To: CF-Community Subject: Re: using AJAX to spy on users As promised some details on the security vulnerability I recently found. It concerned the Blackboard Content System where users could upload files with scr

Re: using AJAX to spy on users

2005-08-25 Thread Jochem van Dieten
As promised some details on the security vulnerability I recently found. It concerned the Blackboard Content System where users could upload files with scripting and then lure other users to those pages and hijack their Blackboard sessions and potentially steal their passwords using a specially

Re: using AJAX to spy on users

2005-08-12 Thread Adam Haskell
Does it have anything to do with DWR (think that's the name of it)? Adam H On 8/12/05, Jochem van Dieten <[EMAIL PROTECTED]> wrote: > Larry C. Lyons wrote: > > Interesting, care to let us in on the secret. > > Then it wouldn't be a secret anymore :) > I intend to publish before the end of the m

Re: using AJAX to spy on users

2005-08-12 Thread Jim Campbell
There's already a "Live HTTP Headers" plug-in for Firefox (I use it daily) - I wonder if something like a "Zone Alarm" for Firefox or something would sniff out XMLHttpRequest() activity and pop up a quick message if a site is trying to use it, how it's being triggered, and giving you the option

Re: using AJAX to spy on users

2005-08-12 Thread Larry C. Lyons
Thanks Jochem, I'm looking forward to it. On 8/12/05, Jochem van Dieten <[EMAIL PROTECTED]> wrote: > Larry C. Lyons wrote: > > Interesting, care to let us in on the secret. > > Then it wouldn't be a secret anymore :) > I intend to publish before the end of the month. > > Jochem

Re: using AJAX to spy on users

2005-08-12 Thread Jochem van Dieten
Larry C. Lyons wrote: > Interesting, care to let us in on the secret. Then it wouldn't be a secret anymore :) I intend to publish before the end of the month. Jochem

Re: using AJAX to spy on users

2005-08-12 Thread Larry C. Lyons
Interesting, care to let us in on the secret. larry On 8/12/05, Jochem van Dieten <[EMAIL PROTECTED]> wrote: > Larry C. Lyons wrote: > > > > While the XMLHttpRequest object and AJAX can provide huge user and > > developer benefits, there are some issues you probably haven't thought > > about yet

Re: using AJAX to spy on users

2005-08-11 Thread Jochem van Dieten
Larry C. Lyons wrote: > > While the XMLHttpRequest object and AJAX can provide huge user and > developer benefits, there are some issues you probably haven't thought > about yet but it's time everyone did. LOL I just sent a security advisory to a certain company about how I hacked their product

Re: using AJAX to spy on users

2005-08-11 Thread John Dowdell
Larry C. Lyons wrote: > With all the hype regarding AJAX, I thought the list would be > interested in this article. > :: Using the XMLHttpRequest Object and AJAX to Spy On You > http://nl.internet.com/ct.html?rtr=on&s=1,1te7,1,4xj,ivwr,5c3o,5mhs It's a good thing to keep thinking about, particular

using AJAX to spy on users

2005-08-11 Thread Larry C. Lyons
With all the hype regarding AJAX, I thought the list would be interested in this article. forwarded from WebReference :: Using the XMLHttpRequest Object and AJAX to Spy On You While the XMLHttpRequest object and AJAX can provide huge user and developer benefits, there are some issues you probabl