Ajax Security

analysis

Aug 8, 20081 min

Black Hat and Defcon had a lot of coverage of Web 2.0 vulnerabilities. The book Ajax Security has been available since December 2007. Isn't anyone paying attention? And what about those 41 million credit card numbers?

The information is available, and the flaws can be fixed. Is anyone out there paying attention? Is anyone following up and fixing their sites? Or will it take even more criminal attacks on Ajax sites to bring the point home?

Now, before I get too worked up, I need to remind myself that it doesn’t take a good hacker to say, steal 41 million credit and debit card numbers. All it takes is 11 bozos wardriving around and installing sniffers on open wireless networks. Whether or not they exploited Ajax vulnerabilities to get in, they did get in.

Why in the world were those wireless networks still open? Didn’t the administrator set up WPA2 on the routers before turning on the WiFi radio? Obviously not: they were probably just plugged in out of the box and turned on. ARGGH!

Who did the 11 bozos hack? TJX, Barnes and Noble, DSW… Uh oh. Time to double-check my wife’s credit card bills.

Software Development

by Martin Heller

Contributing Writer

Follow Martin Heller on X

Martin Heller is a contributing writer at InfoWorld. Formerly a web and Windows programming consultant, he developed databases, software, and websites from his office in Andover, Massachusetts, from 1986 to 2010. From 2010 to August of 2012, Martin was vice president of technology and education at Alpha Software. From March 2013 to January 2014, he was chairman of Tubifi, maker of a cloud-based video editor, having previously served as CEO.

Martin is the author or co-author of nearly a dozen PC software packages and half a dozen Web applications. He is also the author of several books on Windows programming. As a consultant, Martin has worked with companies of all sizes to design, develop, improve, and/or debug Windows, web, and database applications, and has performed strategic business consulting for high-tech corporations ranging from tiny to Fortune 100 and from local to multinational.

Martin’s specialties include programming languages C++, Python, C#, JavaScript, and SQL, and databases PostgreSQL, MySQL, Microsoft SQL Server, Oracle Database, Google Cloud Spanner, CockroachDB, MongoDB, Cassandra, and Couchbase. He writes about software development, data management, analytics, AI, and machine learning, contributing technology analyses, explainers, how-to articles, and hands-on reviews of software development tools, data platforms, AI models, machine learning libraries, and much more.