
JavaScript webscan - Very interesting to read!


  • JavaScript webscan - Very interesting to read!

    Imagine visiting a blog on a social site like MySpace.com or checking your email on a portal like Yahoo’s Webmail. While you are reading the Web page, JavaScript code is downloaded and executed by your Web browser. It scans your entire home network, detects and determines your Linksys router model number, and then sends commands to the router to turn on wireless networking and turn off all encryption. Now imagine that this happens to 1 million people across the United States in less than 24 hours.

    http://www.astalavista.com/media/dir...8ca6ed4fad.pdf

    POC

    http://www.spidynamics.com/spilabs/js-port-scan/
    Cheers,

    Daniel Petri
    Microsoft Most Valuable Professional - Active Directory Directory Services
    MCSA/E, MCTS, MCITP, MCT

  • #2
    Re: JavaScript webscan - Very interesting to read!

    Quite scary. There must be some way to secure it without disabling java applets or something in your browser.

    I will give it a thought....
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"



    • #3
      Re: JavaScript webscan - Very interesting to read!

      Yes, very uncomfortable, such things...

      I would suggest the following:

      1. Disable ICMP echo on your APs... wifi devices... etc. and any other things that give "I am alive" signals

      2. Update the firmware on those devices

      3. Every few days... check the device settings


      Another solution is:
      I know there are website scanners, like one that checks a website for changes and notifies you if something changes... maybe it is possible to use such a program to check the device in danger... you have to let it log in to the HTTP management from the wifi point and monitor the pages...
      MCSE 2000 Done
      RHCE Done
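
The monitoring idea in post #3, sketched as an added example that is not part of the original thread: it compares the settings on a router's management page against a saved baseline and flags changes to the wireless radio or encryption. The page HTML and field names are constructed and hypothetical; fetching the real page over an authenticated session is assumed to happen elsewhere.

```python
from html.parser import HTMLParser

# Constructed sample pages; field names are hypothetical, not any real router's.
BASELINE_PAGE = """<form><input name="wl_radio" value="off">
<input name="wl_security" value="wpa2"><input name="uptime" value="3 days">
<select name="remote_mgmt"><option value="on"><option value="off" selected>
</select></form>"""
CURRENT_PAGE = """<form><input name="wl_radio" value="on">
<input name="wl_security" value="none"><input name="uptime" value="4 days">
<select name="remote_mgmt"><option value="on"><option value="off" selected>
</select></form>"""

VOLATILE = {"uptime"}                    # changes on every load, so ignored
CRITICAL = {"wl_radio", "wl_security"}   # the settings the thread's attack flips

class SettingsParser(HTMLParser):
    """Collects name -> value for <input> and the selected <option> of <select>."""
    def __init__(self):
        super().__init__()
        self.settings, self._select = {}, None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and "name" in a:
            self.settings[a["name"]] = a.get("value") or ""
        elif tag == "select":
            self._select = a.get("name")
        elif tag == "option" and self._select and "selected" in a:
            self.settings[self._select] = a.get("value") or ""

    def handle_endtag(self, tag):
        if tag == "select":
            self._select = None

def extract_settings(html):
    parser = SettingsParser()
    parser.feed(html)
    return {k: v for k, v in parser.settings.items() if k not in VOLATILE}

def diff_settings(baseline, current):
    """Return (field, old, new, is_critical) for every setting that differs."""
    return [(k, baseline.get(k), current.get(k), k in CRITICAL)
            for k in sorted(set(baseline) | set(current))
            if baseline.get(k) != current.get(k)]

if __name__ == "__main__":
    base, now = extract_settings(BASELINE_PAGE), extract_settings(CURRENT_PAGE)
    for field, old, new, critical in diff_settings(base, now):
        print("ALERT" if critical else "note", field, old, "->", new)
```

Comparing parsed fields rather than a hash of the whole page keeps counters such as uptime from raising an alert on every check.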
