tagged w/ Javascript
-
Anonymous is developing a new DDoS tool which is said to exploit SQL vulnerabilities to support the group's future campaigns. So far, what they have is something that is platform neutral, leveraging JavaScript and vulnerabilities within SQL to create a devastating impact on the targeted website. Previously, Low Orbit Ion Cannon (LOIC) was the go-to weapon for Anonymous supporters during various Operations. However, LOIC is also the reason scores of people have been arrested in the last year, so many feel its time is at an end.
According to the developer, "RefRef is a revolutionary DoS java site. Basically, by using an SQL and .js vulnerability, you can send a page request packet from your home computer with an embedded .js file, because of the vulnerability in the SQL/Javascript engine on MOST websites, the site actually TEMPs the .js file on its own server. So now the .js is in place on the host of the site. Next since you still have the request, it picks up the .js file, and all of the requesting for packets power happens on the server, not the requestee. I send two packets from my iPhone, and everything else happens on the server. Basically eats itself apart, because since both are on the server, it's all a local connection."
The new tool, called #RefRef, is set to be released in September, according to an Anon promoting it on IRC this afternoon. Developed with JavaScript, the tool is said to use the target site’s own processing power against itself. In the end, the server succumbs to resource exhaustion due to #RefRef’s usage. An attack vector that has existed for some time, resource exhaustion is often skipped over by attackers who favor the brute force of a DDoS attack sourced from bots or tools such as LOIC.
The tool is very effective: a 17-second attack from a single machine resulted in a 42-minute outage on Pastebin yesterday. As expected, the Pastebin admins weren't very happy with their platform being used for such tests and tweeted "Please do not test your software on us again."
The effectiveness of RefRef is due to the fact that it exploits a vulnerability in a widespread SQL service. The flaw is apparently known but not widely patched yet. The tool's creators don't expect their attacks to work on a high-profile target more than a couple of times before being blocked, but they don't believe organizations will rush to patch this flaw en masse before being hit.
This means there are a lot of possible targets out there that will be hit at least once. "This tool only makes you vulnerable if you don't keep your systems patched, perform the basic security, which is how Sony got caught with its pants down," the RefRef developers said.
The tool works by turning the servers against themselves. It sends malformed SQL queries carrying the payload which in turn forces the servers to exhaust their own resources. However, the tool's GUI does have a field for inputting the refresh interval so it might combine traditional forms of HTTP hammering with the new technique.
Some security experts have been skeptical that the success of Anonymous's DDoS attacks can be explained through LOIC alone. They proposed that some of the group's supporters also have access to botnets, a theory that has partially proven to be correct.
http://www.thehackernews.com/2011/07/refref-denial-of-service-ddos-tool.html
-
-
Breaking News Updates Chris Moore with a brace plus Tom Pyman on target for the Town against home replies from Michael Sexton and Tony Milioti. Rostov-on-Don, Russia (February 21, 2011) Orbitscripts releases Open Ad Server as a free download with plug-in integration for users of Drupal, Joomla and WordPress content management systems.
-
-
Google released two new versions of Chrome yesterday, version 10 for beta users and version 11 for developers willing to put up with more instability.
With Google's six-week update schedule, the new releases are milestones that Chrome users pass--often not necessarily noticing given the software's silent auto-update mechanism. But there are significant new features coming with the new beta.
Top on Google's list is faster JavaScript with the "Crankshaft" version of the new V8 JavaScript engine. JavaScript runs increasingly sophisticated Web-based applications such as Google Docs, and this highly competitive aspect of browser performance has become even more so with the "Chakra" engine in the forthcoming IE9 from Microsoft.
Crankshaft leaps ahead 65 percent on Google's own V8 benchmark suite. Note, though, that faster JavaScript is only one aspect of overall browser performance, and that other benchmarks such as Mozilla's Kraken can yield different results.
Also in Chrome 10 (Windows | Mac | Linux) is hardware-accelerated video, which can increase computing efficiency and spare battery life; settings controls that move from a pop-up dialog box to a browser tab; and password synchronization among different installations of Chrome (though not, as with Firefox, with Chrome on Android).
Google isn't talking much yet about its Chrome 11 (Windows | Mac | Linux) plans, but it looks like one interesting feature on the way is "chromoting," which lets a Chrome browser remotely take over another machine over a network. It's not unlike LogMeIn or other remote desktop applications, but those can't be installed on a Chrome OS machine, so chromoting gives a browser-based mechanism. That, in turn, would let Chrome OS in effect remotely run some native software that wouldn't run on a Chrome OS machine.
http://news.cnet.com/8301-30685_3-20033225-264.html
-
-
Latest News Updates Stack Overflow At Line 0, It's probably a javascript error with the site, this is not your problem.
-
-
Twitter has been hacked and a malicious Twitter virus has been circulated through JavaScript this morning. The Twitter hacker used the idea and placed a command “on mouse over” through JavaScript.
http://www.buzztab.com/technology/twitter-hacked-ins-and-outs/
-
-
I decided to head over to the Official Chrome Extensions site and try to find some interesting games you can play in the browser right now. This is about as Googley as it gets for games right now unless you check out Asteroids from Chrome Experiments.
-
-
Google claimed that Android 2.2 was going to bring the world’s fastest mobile browser and guess what? It looks like they weren’t lying.
-
-
Here is a video that pits Chrome 5, Firefox 4, Internet Explorer 9, Opera 10.5 and Safari 4 against each other. Using a good array of speed tests, including one for JavaScript, the SunSpider test and the Peacekeeper Benchmark, you might be surprised to see some of the formerly fastest browsers on the market are seriously starting to fall behind the pack.
-
-
Your browser is very telling. And I don't mean just what type of browser you use, but also your screen resolution, what version of Adobe Reader you have...
-
-
Ah, the virtues of the HTML5 standard - so many innovative applications for it, applications that include a port of the classic Asteroids game.
-
-
Security experts once again point the finger at Internet Explorer as the means by which dangerous cybercriminals have attacked PC users. McAfee has linked the attacks, which Google says came from people in China, to a previously undisclosed flaw in Internet Explorer.
McAfee has already pointed out this problem to Microsoft. As is frequently the case with IE's web problems, this one involves Microsoft's JScript computer language, which is used inside of IE and the Windows desktop. JScript is the name for a dialect of JavaScript unique to the IE web browser and Windows operating system.
Note: JScript/Active Scripting can be avoided by disabling it in Internet Explorer options, or by simply switching from Internet Explorer to another web browser and changing the default web browser to that new browser.
Once computer(s) at a company are infected, a back door installed on the affected computers lets the attackers look around inside the company.
McAfee's Chief Technology Officer has said that all recent versions of the Microsoft Windows operating system are vulnerable, which of course includes the recently released Windows 7.
New patches from Microsoft typically take a couple of weeks to a month and a half, once word leaks out that a flaw is being actively exploited by cybercrooks.
Due to the flaw in Internet Explorer, it appears that computer software was stolen from about 30 companies in America's high tech Silicon Valley.
Companies reportedly hit by this attack include industrial giant Dow Chemical, defense contractor Northrop Grumman, MS-Windows security company Symantec, social web portal-maker Yahoo, Juniper Networks and Adobe. Security experts said that Adobe's software was used as part of the exploit. However, Adobe says there is no evidence of that - that it has.
-
-
-
Forget about vampires, ghouls and zombies. You were much more likely to receive a fright this year from something lurking in your e-mail. There was the usual crop of Trojan horses and phishing expeditions, and as the surprising list points out, some of the scares go all the way up to the White House and the FBI.
http://information-security-resources.com/2009/11/01/top-ten-email-related-disasters-of-2009/
-
-
An intruder could eavesdrop on sensitive data sent across the Internet, manipulate the DNS address that redirects traffic from trusted sites to malicious ones, and possibly even infect other routers automatically. Chen says he informed Time Warner’s security department of the hole; they responded that they were aware of the problem but couldn’t do anything about it.
-
-
A jQuery plugin to create a bar showing a real-time stream of information related to your post, powered by the Collecta search engine.
Collecta monitors the streams of news sites, popular blogs and social media, so it can show you results as they happen.
-
-
Back in the day, I used to love Internet Explorer. It was awesome... up until version 4 and above. A lot of people out there still use IE, and will continue to do so. You can install a new plugin that Google has released - and have your install of Internet Explorer kick serious browser butt once again.
-
-
With all the buzz lately about Twitter real-time search, why don't you add a real-time tweets bar related to your posts, from your Twitter timeline or from anybody, or even limit it by geocode coordinates!
-
-
Native drag and drop uploading from your desktop to the browser using JavaScript. Using Firefox 3.6 the user can drag multiple files from their desktop and upload them asynchronously.
-
-
A few months ago I posted a JavaScript class on how to implement a paging listbox using jQuery, which has drawn a lot of traffic and a few questions lately, so I thought it would be more convenient to rewrite the code as a jQuery plugin and make a few enhancements, plus provide complete sample code in VB.Net and C#.
-