Saint_Michael Posted April 3, 2007 (edited)

Well, let's start off by saying these 2 people are complete morons. The first guy, who had this thing loaded up on the internet so it could be shown how it works, and not securing it so it couldn't be downloaded. Does a home server ring a bell? Guess not. Second guy for downloading it and then uploading it to his site with the excuse that "he thought it would be useful to other security professionals looking for ways to illustrate just how dangerous a scripting attack can be." Now this code has been found on several websites and now could be used to hijack web browsers. Well, here's a clearer explanation of it:

Hoffman had discovered a way to write a Web vulnerability scanner in JavaScript, a Web language that can run in any browser. This technique circumvents JavaScript's security restrictions and, concerned that his Jikto code could be misused, Hoffman says he took extra steps to prevent the code from getting out. With Jikto now public, security researchers worry it could be misused by criminals to scan internal networks for sensitive information or to build a malicious botnet code. "This particular tool is designed to take control of the Web browser," said Jeremiah Grossman, chief technology officer with WhiteHat Security. "It will crawl other Web sites and scan them, looking for vulnerabilities."

Noo really??? Well, it was smart of him to find a way this could be done; hopefully he has a way to block it from happening now. Well, it looks like we will be getting more patches for every browser that is currently being used. To add to the stupidity:

He said he's not angry at Schroll for snagging and releasing the Jikto code. "He probably did what any curious individual would have done," he said. "I really can't fault someone for being curious because that's what my job is."

I would be very angry that someone just uploaded this program to be used to hack a person's browser and computer, but no the first guy says he's not moron.

Hoffman was sanguine about the release of his tool, saying that criminals would probably have been able to develop something similar to his short, 800-line application. "It's kind of a tragedy that this ended up getting released," Hoffman said. "But in reality, the bad guys probably knew this, and even if they didn't have it, they were probably a couple of months away."

I would say maybe, or it could be a possibility, but now that they have an idea on how to do it, expect different versions of this to pop up in the near future. Now here comes the punch line: neither of them has been arrested over the fact that this is in a way illegal coding and actually helps people in using this to commit crimes. It's arguable that they don't have to be arrested, but still, one, he made the code that is used to hack into computers/browsers; two, it was uploaded for everyone to see and use. Thoughts on this?

SOURCE HERE
FLaKes Posted April 4, 2007

I don't see why he should be arrested. It's not like he is committing crimes with it. It's kind of like saying Einstein should have also been arrested, but it doesn't work that way. I can clearly see more job opportunities coming up for internet security areas, or maybe it will be fixed by an update and we can all forget about this.