This is a method by which the attacker can profit from control of online brokerage
accounts in a much more subtle and difficult-to-track way than the classic "fraudulent
funds transfer."
Vic DeVictim is an author of techno-thriller novels, an experienced stock day trader
and a more advanced than average Internet user. He is immune to the numerous stock-pumping
spam e-mails and forum messages he sees every day, and he pities those poor
fools who are naïve enough to fall for those obvious scams. As an active trader, Vic
monitors his stock portfolio during most of the day while working on his latest novel in
the wildly popular Dirk McChin series, Operation Catfish.
Vic is a client of a popular online discount brokerage, BadStockBroker.com, and enjoys
using the company's new AJAX-enabled stock ticker. This new portfolio monitoring
application comprises a JavaScript-enhanced web page running within a small browser
window on Vic's desktop. This ticker uses an XMLHttpRequest object to request the
latest prices from BadStockBroker.com without a page refresh, and it updates the ticker
page's DOM with the results. This use of AJAX gives Vic the ability to receive immediate
information from his broker without irritating page reloads or the need to install a thick
Windows client.