JavaScript has recently turned from a web development tool into a hackers’ gateway to your home or corporate network. JavaScript malware is the common term used to summarize the new brand of JavaScript attacks that allow hackers to map your network and launch sophisticated phishing attacks. The malicious JavaScript code can be embedded in any web page and it will run without any warnings when the page is viewed in any ordinary browser.
The LocalRodeo Firefox extension (beta release) aims to protect users from such malicious JavaScript code by rejecting suspicious request to your local network.
The LocalRodeo extension counters two common attack vectors: local network exploitation — port-scanning and fingerprinting — and anti DNS-Pinning — forcing the browser to renew a DNS entry for a given domain on the fly, resulting in access to local networks. It intercepts HTTP requests and drops any illegitimate remote-to-local requests. The current release has known issues with Gmail and appears to slow down Firefox.
Contact
Have a hot hack? want to request a hack? let us know - editor [at] security-hacks.com
subscribe
Search
Latest Entries
- msramdmp: Dump RAM from a USB stick
- SWFIntruder: Are your Flash applications secure?
- Untidy: Python-based XML fuzzer
- Jailbreaking iPhone software v1.1.1
- Secure browsing with Squid and SSH
- Combat spam with Gmail aliases
- 5 Essential laptop security tips
- Email encryption with GPG and Mail.app
- Firefox: Disable suspicious JavaScript features
- aSSL: Add SSL to your Ajax application
Archives
