Archive for the ‘JavaScript’ Category

Cryptocurrency Firm Itself Hacked Its Customers to Protect Their Funds From Hackers

June 6th, 2019
Are you using Komodo's Agama Wallet to store your KMD and BTC cryptocurrencies? Were your funds also unauthorisedly transferred overnight to a new address? If yes, don't worry, it's probably safe, and if you are lucky, you will get your funds back. Here's what exactly happened… Komodo, a cryptocurrency project and developer of Agama wallet, adopted a surprisingly unique way to protect its

Posted in Agama Wallet, bitcoin, Bitcoin wallet, cryptocurrency, cryptocurrency hacking, cryptocurrency wallets, hacking news, JavaScript, Komodo cryptocurrency | Comments (0)

Unless you want your payment card data skimmed, avoid these commerce sites

May 8th, 2019
More than 100 e-commerce sites around the world are infected with malicious code designed to surreptitiously skim payment card data from visitors after they make purchases, researchers reported on Wednesday. Among those infected are US-based websites that sell dental equipment, baby merchandise, and mountain bikes.

In total, researchers with China-based Netlab 360 found 105 websites that executed card-skimming JavaScript hosted on the malicious domain magento-analytics[.]com. While the domain returns a 403 error to browsers that try to visit it, a host of magento-analytics[.]com URLs host code that’s designed to extract the name, number, expiration date, and CVV of payment cards that are used to make purchases. The e-commerce sites are infected when the attackers add links that cause the malicious JavaScript to be executed.

One of the infected sites identified by Netlab 360 is ilybean[.]com, an Orlando, Florida, business that sells baby beanies. As the screenshot below shows, the site executes JavaScript hosted at magento-analytics[.]com.

Posted in Biz & IT, eCommerce, fraud, JavaScript, payment card skimming | Comments (0)

Visual Studio 2019 goes live with C++, Python shared editing

April 2nd, 2019
OK, so Visual Studio's always gonna look like Visual Studio. But the eagle-eyed will spot a few differences. There's the menus-in-title bar at the top. There's the message "No issues found" in the status bar, showing that background code analysis has found no problems with my code. Bottom left, to the left of the "Ready" text, is the new background task status indicator that provides more information about things like scanning code to build IntelliSense information. There's a (not visible) GitHub tab in the Solution Explorer panel that's used for the new Pull Request integration. And, of course, there's the Live Share button top right.

A new version of Microsoft's integrated development environment (IDE) goes live today with the release of Visual Studio 2019 and its cousin Visual Studio 2019 for Mac.

Visual Studio is in a bit of a strange position, and it would be fair for developers to ask why this branded release even exists. Visual Studio 2017 has received nine point releases and countless patch releases since its release two years ago. Each of these releases has brought a mix of new features and bug fixes, and for Visual Studio users, the experience feels comparable to that of, say, Google Chrome, where each new version brings a steady flow of incrementally improved features and fixes.

Indeed, this iterative, incremental model is the one that Microsoft is pushing (and using) for services such as Azure DevOps and is comparable to the continuous development we see for Office 365, which is updated monthly, and the free and open source Visual Studio Code, which also has monthly iterations. With this development process in place, one wonders why we'd bother with "Visual Studio 2019" at all; let's just have "Visual Studio" and keep on updating it forever.

Posted in C#, development, JavaScript, Mac, microsoft, Open Source, Python, Tech, typescript, visual studio | Comments (0)

JavaScript infinite alert prank lands 13-year-old Japanese girl in hot water

March 8th, 2019
Edge makes it easy to break out of infinite JavaScript alert loops.

Japanese police in the city of Kariya have questioned and charged a 13-year-old female student for distributing malicious code online after she linked to the code on an online message board. The malicious code in question? An infinite loop that popped up an alert message, immediately showing a new message each time you click OK.

Those curious to see the code can see it in action here, though it's probably unwise to visit on mobile browsers, as they don't seem particularly tolerant of this kind of prank. Every mainstream desktop browser seems to handle the malicious page without incident. Edge, for example, offers a checkbox to prevent the page from being able to show subsequent dialogs, and Chrome lets you close the tab in spite of the alert box. The code itself is extraordinarily simple; it's literally nothing more than an infinite loop and an alert box that prints a kaomoji and a short message that translates as "It's no use closing it so many times."


for ( ; ; ) {
window.alert(" ∧_∧ ババババ\n( ・ω・)=つ≡つ\n(っ ≡つ=つ\n`/  )\n(ノΠU\n何回閉じても無駄ですよ~ww\nm9(^Д^)プギャー!!\n byソル (@0_Infinity_)")
}

Posted in crime, Japan, JavaScript, Policy, popup | Comments (0)

Post-mortem: Tying Edge to Windows 10 was a fatal error

December 6th, 2018
As reported earlier this week, Microsoft is going to use Google's Blink rendering engine and V8 JavaScript engine in its Edge browser, largely ending development of its own EdgeHTML rendering engine and Chakra JavaScript engine. This means that Microsoft will be using code from—and making contributions to—the Chromium open source project.

The company's browser will still be named Edge and should retain the current look and feel. The decision to switch was motivated primarily by compatibility problems: Web developers increasingly test their pages exclusively in Chrome, which has put Edge at a significant disadvantage. Microsoft's engineers have found that problematic pages could often be made Edge compatible with only very minor alterations, but because Web devs aren't using Edge at all, they don't even know that they need to change anything.

The story is, however, a little more complex. The initial version of Edge that shipped with the first version of Windows 10 was rudimentary, to say the least. It was the bare bones of a browser, but with extremely limited capabilities around things like tab management and password management, no extension model, and generally lacking in the creature comforts that represent the difference between a bare rendering engine and an actual usable browser. It also had stability issues; crashes and hangs were not uncommon.

Posted in Blink, chrome, Chromium, development, EDGE, google, JavaScript, microsoft, Open Source, Tech, WebKit | Comments (0)

Moses Hernandez, Cisco Systems – Paul’s Security Weekly #520

July 3rd, 2017

Moses returns to the show to discuss his background in technology and security (which is eerily similar to Paul’s!). The crew then got into a deep discussion of the history of many different technologies (Solaris Firewalls, IDS, Java and more!). Moses talked at length about serialization bugs in both PHP and Java. Then we dove […]

The post Moses Hernandez, Cisco Systems – Paul’s Security Weekly #520 appeared first on Security Weekly.

Posted in Cisco Systems, deserialization bugs, IDS, Java, JavaScript, Moses Hernandez, Paul's Security Weekly, PHP, Solaris Firewalls | Comments (0)

Is Zepto ransomware the new Locky?

July 5th, 2016

Beware the latest arrival on the ransomware scene: Zepto. We tell you what to look for, and what you can do.

Posted in JavaScript, Locky, ransomware, Word, Zepto | Comments (0)

Ransomware that’s 100% pure JavaScript, no download required

June 20th, 2016

The ransomware wolf in sheep’s clothing that consists of pure JavaScript, scrambles your data, and leaves you with a password stealer.

Posted in JavaScript, RAA, ransomware | Comments (0)

Why you can’t trust things you cut and paste from web pages

May 26th, 2016

Just when you thought it was safe to delve into your clipboard.

Posted in css, Cut and paste, JavaScript, Pastejacking, Vulnerability, Web Browsers | Comments (0)

WordPress Patches Serious Shortcodes Core Engine Vulnerability

September 15th, 2015

WordPress upgraded to 4.3.1, patching a pair of vulnerabilities in the core engine, including a cross-site scripting issue enabled by a vulnerability in shortcodes.

Posted in Check Point, Cross site scripting, JavaScript, Netanel Rubin, Shahar Tal, targeted attacks, vulnerabilities, Watering hole attacks, Web Security, WordPress, WordPress 4.3.1, WordPress core engine, WordPress shortcodes patch, WordPress Vulnerability | Comments (0)