AJAX can amplify security threats

By | June 18, 2006

Organizations considering the use of Asynchronous JavaScript and XML (AJAX) technologies to create more dynamic Web sites need to ensure they are not inadvertently opening doors into otherwise secure applications, analysts warned. While AJAX by itself doesn´t create new security risks, it has a tendency to amplify the seriousness of several well-understood threats, including SQL injections, cross-site scripting and denial-of-service attacks, they said.

A case in point is this week´s mass-mailing Yamanner worm, which took advantage of an apparent cross-site scripting error in Yahoo Inc.´s e-mail service to infect thousands of computers. The worm arrived in Yahoo e-mail user in-boxes bearing the subject header “New Graphic Site” and was activated simply by a user opening the infected e-mail.Read Full Story

Leave a Reply