Wednesday, August 10th, 2005

FUD: Using the XMLHttpRequest Object and AJAX to Spy On You

Category: Editorial

It looks like the FUD fest has started wrt Ajax. Devx has an article called Using the XMLHttpRequest Object and AJAX to Spy On You.

The example that he uses is having a game which sends back what you are doing. Like this couldn’t be done with Flash? iframes couldn’t be used to do this kind of thing?

Come on guys. There are some implications, but lets not get crazy here.

Posted by Dion Almaer at 11:53 am
1 Comment

+++--
3 rating from 6 votes

1 Comment »

Comments feed

Actually, the example cited is lightweight. Even without any of the AJAX technologies you could already write javascript that takes control of the browser (mostly) and acts as a man in the middle for all requests. Hidden frames can do everything that can be done with Synchronous requests (except without being synchronous). People have lived with that risk for years. People who are truly worried about security should go to sites for which security is important using a browser with EVERYTHING turned off (JS, Flash, Everything). The funny thing is that when you try a pretty good % of those sites require JS :) Almost no one (even in the security industry where I used to work) actually does this.

Comment by Kevin Barnes — August 11, 2005

Leave a comment

You must be logged in to post a comment.