DefCon and Black Hat have become the premiere security events of the year. Not only are they amazingly fun and informative, but some of the biggest security and insecurity news of the year is now coming out of the minds of those in the culture.
In the last couple years, the dotcom bust gave way to the slow maturation of web-based application delivery, and it is now shooting off quite rapidly. Web-enabled apps have been the buzzword in development for the past two years. In addition, the browser wars with phishers, spammers, and scammers has heightened and browsers are more and more under the guns and fuzzers.
And now, it’s happened. Javascript has been demonstrated to be able to not just screw with a local system, but also penetrate the local network that system is on.
Wow.
Ha.ckers.org made an excellent post that beats anything I could say. But I will add that if someone has presented it to us now, there is little doubt that these techniques have already been in use by the underground.