Hacking

Monday, March 10, 2008

SigEx Telecom : Rush to Ajax makes for happy hackers

On Wednesday at the Black Hat USA conference in Las Vegas, security researchers warned software developers using Asynchronous JavaScript and XML (Ajax) techniques that they might face security issues, with Ajax-enabled sites being dangerously vulnerable to a variety of Web-based threats of which they're not even aware.

Ajax techniques are very popular among web developers because they allow web sites to be more responsive to user input than traditional pages. Google, Yahoo and other popular sites already use Ajax, considering it more efficient because they don't have to reload the Web page every time content needs to be refreshed.

A site coded with Ajax may offer hackers opportunities such as tearing the application to shreds, booking free flights, accessing coupon codes, hijacking the administration functions and stealing everyone's account information. All this is possible through flaws that popular Ajax resources ignore: improper use of client-side XSLT; use of overly or insufficiently granular server-side APIs; and storing secrets (either data or functionality) in client-side code; as well as exploiting Ajax race conditions and applying static analysis to deobfuscate client-side JavaScript.

"Any secrets stored in JavaScript, whether secret data like discount codes or database connection strings, or secret functionality like backdoor administrative access, will be found and exploited," says Billy Hoffman, lead R&D engineer at Web security vendor SPI Dynamics in Atlanta.
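The "secrets in client-side code" flaw next to a server-side alternative, as an added example that is not from the article or from the researchers quoted in it. The item id, coupon codes, prices, roles and function names are all constructed for illustration.

```javascript
// Added example; every name and value here is constructed.

// Weak pattern: stands in for script delivered to the browser. The coupon
// table is part of the page source, so every visitor can read it, and the
// total is computed on the client and then trusted by the server.
const CLIENT_COUPONS = { SPRING10: 0.10, STAFF100: 1.00 };
function clientSideTotal(price, code) {
  const discount = CLIENT_COUPONS[code] || 0;
  return +(price * (1 - discount)).toFixed(2);
}

// Hardened pattern: prices and coupons live only on the server.
const SERVER_PRICES = { "flight-ATL-LAS": 289.00 };
const SERVER_COUPONS = {
  SPRING10: { discount: 0.10, staffOnly: false },
  STAFF100: { discount: 1.00, staffOnly: true },
};

// Own-property lookup so keys like "__proto__" never match.
function lookup(table, key) {
  return Object.prototype.hasOwnProperty.call(table, key) ? table[key] : null;
}

// The request carries identifiers only. A client-supplied total is ignored,
// and staff-only coupons are checked against the authenticated session role,
// never against anything the browser sends.
function serverSideTotal(session, request) {
  const price = lookup(SERVER_PRICES, request.itemId);
  if (price === null) return { ok: false, error: "unknown item" };
  let discount = 0;
  if (request.coupon !== undefined) {
    const coupon = lookup(SERVER_COUPONS, request.coupon);
    if (!coupon || (coupon.staffOnly && session.role !== "staff")) {
      return { ok: false, error: "coupon rejected" };
    }
    discount = coupon.discount;
  }
  return { ok: true, total: +(price * (1 - discount)).toFixed(2) };
}
```

With this split the browser only learns whether a code it submitted was accepted, and the amount charged is always the one the server recomputed.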

related story: http://www.cbronline.com/article_news.asp?guid=269108A6-C941-42BA-90C5-217AAF282396

by Notme dfsfs
for SigEx Telecom (http://sigex.com)

SigEx Telecom is quickly becoming the leading telebroadcasting communications provider allowing people to easily talk, view, upload and share video clips through free online TV broadcasting, free unlimited global calls, websites, blogs, video-mails and SMS. SigEx Telecom captures many add-on services for its clients generating royalties and fees in a broad spectrum of marketing services including public relations and promotions.

This news is brought to you by CantellTV, its technology partner SigEx Telecom and its founder Chris Cantell. CantellTV is the fastest growing provider of digital broadcasting coupled with enhanced communications, allowing people to easily control, view, upload and share digital content through a proprietary interface. CantellTV has relationships with a growing network of international clients delivering millions of videos per day with more than 50,000 new videos uploaded and 200 hours of new TV shows broadcast daily to a wide range of viewers, from 5 to 7 year olds of LiveCartoons; to 16 to 24 year old active social users of MyJumps; to Fortune 50 corporate clients utilizing enhanced broadcasting services. CantellTV is committed to delivering infinite choices to your world of entertainment at the tip of your fingers. Chris Cantell retains consulting arrangements with several pre-IPO companies.


Edited by: Jana Kalicka
