Rich Cannings, Himanshu Dwivedi, Zane Lackey, and Alex Stamos

"Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions"

The breaking of this convention is
what leads to many of the benefits of AJAX applications.
In the case of our GoatFriends IM client, an attacker who wants to figure out the
names and e-mails of other users' IM contacts can use a malicious web site to request the
JavaScript stream, parse the arrays, and send the results to herself. An example of this
attack would look like this: