[FoRK] Why AJAX? ActiveX is turned off

Wilkin, Kurt Kurt.Wilkin
Thu Oct 13 22:53:33 PDT 2005

Steve Norquist wrote:
> No...no, FOX must have covered it somehow.  


> http://www.business2.com/b2/web/articles/0,17863,1107751,00.html
> Innovation always has the power to disrupt business. Here's what to
> watch in the years ahead.

Collecting a few things
 + previously forked ajax security concerns
 + FOX
 + power to disrupt business
 + social networking 

Leads to the first(?) javascript-transported worm in the wild, 
loose on the Fox owned community site 'myspace'.

Reported in (blog-language in) http://e-scribe.com/news/103 [*]
"The Ajaxy bits of Web 2.0 that bring us an increase in 
client-side power also open up new vistas of malware"

Why? Well, from http://fast.info/myspace/
"If I can become their friend...if I can become their hero...
then why can't their friends become my friend...my hero. I can 
propagate the program to their profile, can't I. If someone 
views my profile and gets this program added to their profile,
that means anyone who views THEIR profile also adds me as a 
friend and hero, and then anyone who hits THOSE people's 
profiles add me as a friend and hero..."

And the Ajack http://namb.la/popular/tech.html :
"So, we use XML-HTTP in order for the actual client to make 
HTTP GETs and POSTs to pages. However, myspace strips out the 
word "onreadystatechange" which is necessary for XML-HTTP requests. 
Again, we can use an eval to evade this. Another plus to XML-HTTP 
is that the necessary cookies required to perform actions on myspace 
are passed along without any hassle.
Example: eval('xmlhttp.onread' + 'ystatechange = callback');"

Cheers, Kurt.

[*] Web 2.0 = Web 1.0 + Ajax
            = browser + Ajax
            = (Javascript + markup) + (Javascript + markup)
            = 2(Javascript + markup)
            = 2(browser)
            = browser
            = Web 1.0

So we may not be getting anywhere, but at least the version
numbers are going up.
