Yahoo Mail Worm

Now that Rich Internet Applications are becoming more and more popular, they are attracting trouble from the bad guys, just like any other environment. With the door now open publicly, there will be lots of crackers crawling through AJAX code and finding holes into which they can insert their own little exploits. This of course means that more security problems like the Yamanner worm are on the way.

What makes this a problem in the AJAX world is that the source code is relatively easy to get, and you don't have to be a clever guy to write an exploit; it's pretty easy. It is also very hard for AJAX developers to filter out possible exploits and write safe JavaScript.

So how do we solve the security problems that JavaScript brings us?

Btw: here is the source of the XHR object that made all this possible.