Schneier on Security: JavaScript Hijacking

Interesting paper on JavaScript Hijacking: a new type of eavesdropping attack against Ajax-style web applications. I’m pretty sure it’s the first type of attack that specifically targets Ajax code. The attack is possible because Web browsers don’t protect JavaScript the same way they protect HTML; if a Web application transfers confidential data using messages written in JavaScript, in some cases the messages can be read by an attacker.
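The point above, that a response written in JavaScript is not protected the way an HTML page is, is usually addressed on the server with two checks, shown here as an added example that is not from the post or the paper. The function names, the `X-Requested-With` convention and the sample data are assumptions made for illustration.

```javascript
// Added example: hypothetical helpers for an endpoint that returns confidential JSON.
const GUARD = "while(1);";                  // body never finishes if run as a script
const REQUIRED_HEADER = "x-requested-with"; // assumption: the app's own client sets this

// Server side: build the response for a request carrying the given headers.
function buildJsonResponse(reqHeaders, data) {
  // Header names are case-insensitive, so normalise before the lookup.
  const headers = Object.fromEntries(
    Object.entries(reqHeaders).map(([k, v]) => [k.toLowerCase(), v])
  );
  // A plain script include cannot attach custom request headers, so a request
  // without this one did not come from the application's own client code.
  if (headers[REQUIRED_HEADER] !== "XMLHttpRequest") {
    return { status: 403, headers: { "Content-Type": "text/plain" }, body: "" };
  }
  return {
    status: 200,
    headers: {
      "Content-Type": "application/json; charset=utf-8",
      "X-Content-Type-Options": "nosniff", // do not let the browser re-guess the type
    },
    // The prefix makes the body useless when executed directly; the legitimate
    // client reads it as text and strips the prefix before parsing.
    body: GUARD + JSON.stringify(data),
  };
}

// Client side: treat the body as data only, never eval() it.
function parseGuardedJson(body) {
  if (!body.startsWith(GUARD)) {
    throw new Error("response is missing the guard prefix");
  }
  return JSON.parse(body.slice(GUARD.length));
}

// Constructed sample data and requests.
const contacts = [{ name: "alice", email: "alice@example.test" }];
const fromApp = buildJsonResponse({ "X-Requested-With": "XMLHttpRequest" }, contacts);
const fromElsewhere = buildJsonResponse({ Cookie: "session=constructed" }, contacts);
console.log(fromApp.status, parseGuardedJson(fromApp.body)[0].name);
console.log(fromElsewhere.status, JSON.stringify(fromElsewhere.body));
```

The session cookie alone is not treated as proof of origin here, because the browser attaches it to any request for the endpoint regardless of which page triggered it.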

