Featured Articles

LG G Watch R ships in two weeks

LG G Watch R ships in two weeks

The LG G Watch R, the first Android Wear watch with a truly round face, is coming soon and judging by…

More...
LG unveils NUCLUN big.LITTLE SoC

LG unveils NUCLUN big.LITTLE SoC

LG has officially announced its first smartphone SoC, the NUCLUN, formerly known as the Odin.

More...
Microsoft moves 2.4 million Xbox Ones

Microsoft moves 2.4 million Xbox Ones

Microsoft has announced that it move 2.4 million consoles in fiscal year 2015 Q1. The announcement came with the latest financial…

More...
Gainward GTX 970 Phantom previewed

Gainward GTX 970 Phantom previewed

Nvidia has released two new graphics cards based on its latest Maxwell GPU architecture. The Geforce GTX 970 and Geforce GTX…

More...
EVGA GTX 970 SC ACX 2.0 reviewed

EVGA GTX 970 SC ACX 2.0 reviewed

Nvidia has released two new graphics cards based on its latest Maxwell GPU architecture. The Geforce GTX 970 and Geforce GTX…

More...
Frontpage Slideshow | Copyright © 2006-2010 orks, a business unit of Nuevvo Webware Ltd.
Monday, 30 July 2012 09:48

Insecurity experts use JavaScript to snoop proxies

Written by Nick Farrell



Found all sorts of dodgy people


Spanish insecurity experts from Informatica64 used a JavaScript Trojan horse to steal information from spammers and scammers, which is a bit like giving AIDS back to monkeys. In a presentation at the Black Hat security conference, security consultant Chema Alonso showed off a somewhat dodgy method to snoop on some very questionable people online.

The pair replaced cached JavaScript with an attacker's copy and used this to inject the JavaScript file into a victim's browser. Alonso set up an anonymous proxy server and then published its Internet address on a proxy forum. Within a day, more than 4,000 computers had connected to the proxy server and had the poisoned JavaScript file in their browser caches.

According to Dark Reading, Alonso found a variety of low-level criminals using their proxy server. There were fraudsters posing as British immigration officials offering work permits, a bloke pretending to be a pretty woman on a number of dating sites to con victims into sending money for a plane ticket there was another fraud involving flogging non-existent Yorkshire Terriers. By replacing one of the JavaScript files with a malicious version via the proxy server, the attacker can tailor attacks for a specific site, he told the conference.

He thought that it was likely that companies and governments are already using this technique to eavesdrop on criminal activity. He said that he could collect that amount of data in only one day doing nothing with two small JavaScript files. He thought it was too easy for governments and spooks to do the same thing.

The only way for people to sure that they are safe is that they use servers that they trust. In addition, privacy-sensitive people should regularly clear the browser cache.

Nick Farrell

E-mail: This e-mail address is being protected from spambots. You need JavaScript enabled to view it
blog comments powered by Disqus

 

Facebook activity

Latest Commented Articles

Recent Comments