funsec mailing list archives

Re: 'Web 2.0 Charlatans' and 'Premature AJAXulation'


From: "Hubbard, Dan" <dhubbard () websense com>
Date: Tue, 15 Apr 2008 10:17:37 -0700

This was Billy H's title from Blackhat last year. It's a keeper indeed.

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
On Behalf Of Paul Ferguson
Sent: Monday, April 14, 2008 7:44 PM
To: funsec () linuxbox org
Subject: [funsec] 'Web 2.0 Charlatans' and 'Premature AJAXulation'

This is probably my favorite new phrase. :-)

Via Reg Developer.

[snip]

Forget a wave of Web 2.0 threats taking down your software, stealing your data or exposing users - the real danger is posed by some existing attack techniques. And it's IT charlatans peddling over-night AJAX solutions that'll leave you vulnerable.

Two security experts from Microsoft and Hewlett Packard have warned against "premature AJAXulation" - the practice of using quick fixes to turn existing software into Rich Internet Application wonders - saying these are architecturally flawed.

Microsoft security program manager Bryan Sullivan, during a joint session called Ajax Applications: A Blueprint for Disaster, told RSA: "People talk about sexy new Web 2.0 attacks. What's going to break the internet are these old Web 1.0 attacks like SQL injection, which works well against Web 2.0 applications. They are more efficient and more effective."

[snip]

More:
http://www.regdeveloper.co.uk/2008/04/14/ajax_charlatans_old_school_attack/

- - ferg



--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

