Mar 17 13

Scientists from Northeastern University in Boston picked what they consider the most popular out of 100,000 JavaScript libraries and tested, on 133,000 websites, which versions of those libraries are in use.

According to the study, 37 percent of the scanned domains use at least one vulnerable version. On 10 percent, two or more vulnerable JavaScript libraries are in use. In addition, many of the analyzed websites load libraries such as SWFObject and YUI, which no longer receive support.

For their selection, the scientists chose widespread libraries such as Bootstrap and jQuery. 75,000 of the websites examined appear in the Alexa ranking; the rest are randomly selected pages with a .com domain.

Paper:
Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web

written by d45id
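
As an added example (not code from the paper or from this blog): a URL-based heuristic for checking which library versions one of your own pages loads. The `POLICY` thresholds and the sample HTML are constructed placeholders; only the unsupported status of SWFObject and YUI comes from the post above.

```javascript
// Constructed policy for illustration; fill minVersion from your advisory source.
const POLICY = {
  jquery:    { minVersion: '3.0.0' },  // placeholder threshold, not an advisory
  bootstrap: { minVersion: '3.4.0' },  // placeholder threshold, not an advisory
  swfobject: { unsupported: true },    // named in the post as unsupported
  yui:       { unsupported: true },    // named in the post as unsupported
};
// Constructed sample page (hypothetical URLs).
const SAMPLE_HTML = `
<script src="https://cdn.example/ajax/libs/jquery/1.12.4/jquery.min.js"></script>
<script src="/static/bootstrap-3.4.1.min.js"></script>
<script src="/static/swfobject.js"></script>
<script src="/static/app.js"></script>`;

// Compare dotted numeric versions; returns <0, 0 or >0.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number), pb = b.split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Guess library name and version from a script URL. Heuristic only: the
// version is the first dotted number at or after the library name.
function identify(url) {
  const path = url.split(/[?#]/)[0].toLowerCase();
  for (const name of Object.keys(POLICY)) {
    const m = new RegExp('(?:^|[/._-])' + name + '(?=[/._@-]|$)').exec(path);
    if (!m) continue;
    const v = path.slice(m.index).match(/\d+(?:\.\d+){1,3}/);
    return { name, version: v ? v[0] : null };
  }
  return null;
}

// Return one finding per recognised <script src> in the HTML text.
function auditPage(html) {
  const srcRe = /<script\b[^>]*?\bsrc\s*=\s*["']([^"']+)["']/gi;
  const findings = [];
  for (const [, url] of html.matchAll(srcRe)) {
    const lib = identify(url);
    if (!lib) continue;
    const rule = POLICY[lib.name];
    const status = rule.unsupported ? 'unsupported'
      : !lib.version ? 'unknown-version'
      : compareVersions(lib.version, rule.minVersion) < 0 ? 'outdated' : 'ok';
    findings.push({ ...lib, url, status });
  }
  return findings;
}
```

Scripts that are bundled, renamed or loaded dynamically are not visible to a URL check like this, so treat an empty result as "nothing recognised", not as "nothing outdated".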

Jul 15 25

In this paper we [Daniel Gruss, Clémentine Maurice, Stefan Mangard] present Rowhammer.js, a JavaScript-based implementation of the Rowhammer attack. Our attack uses an eviction strategy found by a generic algorithm that improves the eviction rate compared to existing eviction strategies from 95.2% to 99.99%. Rowhammer.js is the first remote software-induced hardware-fault attack. In contrast to other fault attacks it does not require physical access to the machine, or the execution of native code or access to special instructions. As JavaScript-based fault attacks can be performed on millions of users stealthily and simultaneously, we propose countermeasures that can be implemented immediately.

written by d45id

Sep 12 25

As I discovered to my regret, the JavaScript function getElementsByClassName() is apparently not supported by IE.

Well then, in order to be able to use it anyway, I simply wrote it myself:

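// Fallback for browsers (older IE) without a native getElementsByClassName().
// Returns an array of all descendants of node that carry the class classname.
function getElementsByClassName(node, classname)
{
  var a = [];
  // Escape regex metacharacters so the class name is matched literally
  var escaped = classname.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
  // Class names may be separated by any whitespace, not only spaces
  var re = new RegExp('(^|\\s)' + escaped + '(\\s|$)');
  var els = node.getElementsByTagName("*");
  for (var i = 0, j = els.length; i < j; i++) {
    if (re.test(els[i].className)) a.push(els[i]);
  }
  return a;
}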

written by d45id