Malicious Use Of AJAX Technology
Some time ago on DevX I read a story warning about the possible malicious use of AJAX.
Well, as of today the number of Google hits on 'AJAX malicious' will probably explode as someone succeeded in getting hero status on myspace.com by abusing an AJAX-based XSS exploit due to lax security on that website.
Of course, in this case it's an innocent exploit, but we can probably expect more to follow. What I'd like to stress is that there is absolutely nothing wrong with the AJAX technology itself. It's just a new way to use an old trick. The problem in this case was only partially on myspace's side, however: the script writer says browser makers are also to blame. Well, at least one can say that site builders always need to have security on their minds, but it's also a bit more complicated than that. Anyway, at least web security is getting more and more attention in 2005, which is a good thing.
via 'the Information Security Officer' aka the Chief
Update: it turns out this news is already more than 10 days old. Thought I had a scoop for you, but I'm probably the last one to know. Anyway, here is an analysis of the 'worm'.