alphadogg writes “Google’s e-mail security team has updated its Postini engine to stop a new type of JavaScript attack that helped fuel a rise in spam volume in recent months.
Google says it has seen a surge in obfuscated JavaScript attacks, describing them as a hybrid between virus and spam messages. The e-mails are designed to look like legitimate messages, specifically Non Delivery Report messages, but contain hidden JavaScript.
‘In some cases, the message may have forwarded the user’s browser to a pharma site or tried to download something unexpected,’ Google said in its official blog.”
Read more of this story at Slashdot.
Link to the original site
Dan Jones writes “Google has open sourced several of its key JavaScript application development tools, hoping that they will prove useful for external programmers to build faster Web applications. According to Google, by enabling and allowing developers to use the same tools that Google uses, they can not only build rich applications but also make the Web really fast. The Closure JavaScript compiler and library are used as the standard Javascript library for pretty much any large, public Web application that Google is serving today, including some of its most popular Web applications, including Gmail, Google Docs and Google Maps. Google has also released Closure Templates which are designed to automate the dynamic creation of HTML. The announcement comes a few months after Google released and open sourced the NX server.”
Read more of this story at Slashdot.
Link to the original site
Nithendil writes “guyhersh from reddit.com describes the situation (warning: title NSFW): Based on what I’ve seen today, here’s what went down. Reddit user Empirical wrote javascript code where if you copied and pasted it into the address bar, you would instantly spam that comment by replying to all the comments on the page and submitting it. Later xssfinder posted a proof of concept where if you hovered over a link, it would automatically run a Javascript. He then got the brilliant idea to combine the two scripts together, tested it and it spread from there.”
Read more of this story at Slashdot.
Link to the original site