funsec mailing list archives
Re: 'Web 2.0 Charlatans' and 'Premature AJAXulation'
From: "Hubbard, Dan" <dhubbard () websense com>
Date: Tue, 15 Apr 2008 10:17:37 -0700
This was Billy H's title from Blackhat last year. It's a keeper indeed.

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Paul Ferguson
Sent: Monday, April 14, 2008 7:44 PM
To: funsec () linuxbox org
Subject: [funsec] 'Web 2.0 Charlatans' and 'Premature AJAXulation'

This is probably my favorite new phrase. :-)

Via Reg Developer.

[snip]

Forget a wave of Web 2.0 threats taking down your software, stealing your data or exposing users - the real danger is posed by some existing attack techniques. And it's IT charlatans peddling over-night AJAX solutions that'll leave you vulnerable.

Two security experts from Microsoft and Hewlett Packard have warned against "premature AJAXulation" - the practice of using quick fixes to turn existing software into Rich Internet Application wonders - saying these are architecturally flawed.

Microsoft security program manager Bryan Sullivan, during a joint session called Ajax Applications: A Blueprint for Disaster, told RSA: "People talk about sexy new Web 2.0 attacks. What's going to break the internet are these old Web 1.0 attacks like SQL injection, which works well against Web 2.0 applications. They are more efficient and more effective."

[snip]

More: http://www.regdeveloper.co.uk/2008/04/14/ajax_charlatans_old_school_attack/

- ferg

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Current thread:
- 'Web 2.0 Charlatans' and 'Premature AJAXulation' Paul Ferguson (Apr 14)
- Re: 'Web 2.0 Charlatans' and 'Premature AJAXulation' Hubbard, Dan (Apr 15)