JavaScript Spider


I came across a site, today, that claimed to be a “new JavaScript attack vector” called the: JavaScript Spider. The result, however, is completely laughable. According to the web site:

The JavaScript Spider is the first implementation of a proof of concept tool which shows that Javascript can be in fact quite dangerous. This implementation depends on proxydrop.com but other proxies are possible as well: Google Translate is one of them. Keep in mind that the tool spiders only the first level.

I don’t think this guy knows what “attack vector” means. Using a publicly-accessible anonymous proxy is hardly a security concern – especially considering that none of the user’s personal information is being passed along.

Honestly, the only thing that that he “discovered” (and that was just something that he noticed, as the world has passed him by) is that publicly-accessible anonymous proxies can be used for “bad” things. Uhhh… duh?

Seriously, if every use of a server-side proxy was considered to be a client-side security risk, then we’d have a much larger issue on our hands. This quote, alone, helps to sum up his ignorance: “Javascript can be in fact quite dangerous.”

Posted: October 7th, 2006


If you particularly enjoy my work, I appreciate donations given with Gittip.

32 Comments (Show Comments)



Comments are closed.
Comments are automatically turned off two weeks after the original post. If you have a question concerning the content of this post, please feel free to contact me.


Secrets of the JavaScript Ninja

Secrets of the JS Ninja

Secret techniques of top JavaScript programmers. Published by Manning.

Ukiyo-e Database and Search

Ukiyo-e.org

Japanese woodblock print database and search engine.


John Resig Twitter Updates

@jeresig

Infrequent, short, updates and links.