2020-12: another reason why JavaScript SUCKS badly and websites NEED TO WORK without JS: it might “destroy” NAT security:

NAT Slipstreaming allows an attacker to remotely access any TCP/UDP service bound to a victim machine, bypassing the victim’s NAT/firewall (arbitrary firewall pinhole control), just by the victim visiting a website.

https://www.zerodayinitiative.com/blog/2018/11/13/pwn2own-tokyo-2018-day-one-results

Confirmed! JavaScript is indeed EVIL!

just imagine you surf a hacked website… that hijacks your phone calls expensive numbers… sends spam mail and whatsapp messages to your trusted friends and encrypts all your holiday pictures.

CONGRATULATIONS!

“The duo used an integer overflow in the JavaScript engine of the web browser to exfiltrate a picture from the phone. They earn $25K and 6 Master of Pwn points.”

https://www.youtube.com/channel/UChbH7B5YhXANmlMYJRHpw0g

https://www.linkedin.com/in/michael-contreras-460029a7

as seen on:

liked this article?

  • only together we can create a truly free world
  • plz support dwaves to keep it up & running!
  • (yes the info on the internet is (mostly) free but beer is still not free (still have to work on that))
  • really really hate advertisement
  • contribute: whenever a solution was found, blog about it for others to find!
  • talk about, recommend & link to this blog and articles
  • thanks to all who contribute!
admin