Ajax and Phishing
I came across an page talking about AHAH (Asynchronous HTML and HTTP). I’ve already done an article on this, but this one caught my eye because of his mention about security.
He makes an interesting observation about people with criminal intent. With Ajax a hacker only needs to fake a domain name once. He can then fake browser activity by using Ajax to “refresh” the entire HTML body. Can we say phishing? Before, the above average user could simply note a URL change from “wellsfargo.com” to “206.34.??.??” for instance. This would be a sufficient alert for most. With no browser redirects the world of attackers using Phishing seems to now be endless.
Just something more to keep in mind with new and developing technology. I’m sure as it increases in popularity developers with start to address these issues.