I came across another interesting story in my Google Reader. This one spoke directly to what we're doing in class. A new security threat was found that affects just about all AJAX toolkits. The article talked a little bit about what the threat was; something about the attackers acting as the victimized user to get the information. It also mentioned that almost all of the 12 major toolkits were affected by this problem. When I searched further about the issue, I found this article that laid out exactly how the security issue worked. It has to do with using JSON instead of XML and how the browser was handling it. Brian Chess, the chief software architect of Fortify Software, called this a "new class" of attack. The web site of Fortify Software had its own article on the problem because of the severity of the issue. For sites like GMail, it creates a huge problem. Emails can contain very sensitive information that can be intercepted because of this problem. I don't think we have to worry about it for our projects, but it's gonna make me think twice about how I use the bus.emich.edu email.
Comments (1)
Note that you can use bus.emich.edu with Outlook or another client, not just the web interface.
Posted by Bud Gibson | April 5, 2007 9:07 PM
Posted on April 5, 2007 21:07