Comments on: The state of JavaScript Hacking

By: pdp

pdp — Mon, 21 May 2007 20:46:40 +0000

why not… JavaScript is fully functional language and can do everything other languages can do. what’s the problem?

By: Marc

Marc — Mon, 21 May 2007 18:39:09 +0000

JavaScript hacking yea right …
JavaScript would be able to do some confusing things to a client but not hacking

By: pdp

pdp — Sun, 17 Dec 2006 08:08:56 +0000

f0rg3, glad to hear that

By: f0rg3

f0rg3 — Fri, 15 Dec 2006 13:58:34 +0000

Thanks for the read. I enjoyed it immensely..i am in your wake…a reader from Africa who’s very much into Javascript hacking :)

By: pdp

pdp — Wed, 06 Dec 2006 02:02:02 +0000

True, although, from my quick observation, OpenLaszlo is based purely on Flash. Flash in a way is limited. Apollo provides a lot more features that I am not sure how OpenLaszlo’s developers will achieve unless they extend the Flash player in someway or integrate somehow with Apollo.

By: Bob

Bob — Tue, 05 Dec 2006 09:41:41 +0000

No mention of OpenLaszlo, which Flex and Apollo try to copy?

By: 5V3N.5P4C3 » The internet will become more evil!

5V3N.5P4C3 » The internet will become more evil! — Tue, 28 Nov 2006 09:58:14 +0000

[...] Aber deis sei nur eine kleine satirische Einleitung zu einem eher trockenen und technischen Them: The state of JavaScript hacking geschrieben von pdp(architect) auf GNUcitizen. [...]

By: pdp

pdp — Tue, 28 Nov 2006 03:21:20 +0000

.mario, I am glad to hear that. Backframe will remain that simple in the future. However, I am planning some changes that will make it even better. I expect to release the new version around Christmas. BTW, this thing with the JS-code on paper transfer sheet is rather cool. I remember thinking about doing SQL Injection over a Vocera badge with voice.

Robert, surely I will get on #webappsec as soon as I have some free time. ;)

Vijay, it is like that with every technology. What we need to do is to raise the user awareness.

By: pdp

pdp — Tue, 28 Nov 2006 02:25:31 +0000

Here is an interesting question:

So what you are trying to say is that JavaScript is bad, because it nowadays runs on more than one platform?

JavaScript is not bad. However, like any other technology JavaScript has quite a few security implications. What I am trying to say is that raising the awareness of the masses is important. People should consider JavaScript as a serious and very powerful language and they should not give their trust to obscure web pages and applications so lightly.

By: Vijay

Vijay — Tue, 28 Nov 2006 01:48:42 +0000

I realy appreciate your post, fourth generation languages are not safe.

By: Robert

Robert — Tue, 28 Nov 2006 01:36:09 +0000

Good to hear about XUL/WPF/XAML publically spoken about! I myself am doing some research into these technologies. Hop on irc.freenode.net #webappsec sometime to chat :)

By: Joe

Joe — Mon, 27 Nov 2006 21:11:11 +0000

Very interesting post, I agree completely with what you’re saying.

Apollo is definitely something to look forward to and I’m sure Adobe will want to distribute Apollo to as many computers out there as possible.

By: .mario

.mario — Mon, 27 Nov 2006 20:14:53 +0000

Unfortunately you are right. I don’t know if you heard about the XSS-Hack via bank transfer. Some guys wrote JS-Code in the subject field on a (papermade) transfer sheet and brought it to the bank - some days later they got some client on their monitor who really executed the code.

Even if this would be an urban legend it shows the capabilities of modern scripting languages and their dangers. With growing possibilites the number of security holes are rising exponentially too. As developer and ‘underpaid-security-guy’ i know what you are talking about.

Please keep up the good work and btw - i like Backframe. This piece of software is simple but evil. I will use for demonstration in a presentation in two days.

Greetings,
.mario