Distributed Computing In JavaScript

mapreduce

We’ve heard about the idea of using browsers as distributed computing nodes for a couple years now. It’s only recently, with the race towards faster JavaScript engines in browsers like Chrome that this idea seems useful. [Antimatter15] did a proof of concept JavaScript implementation for reversing hashes. Plura Processing uses a Java applet to do distributed processing. Today, [Ilya Grigorik] posted an example using MapReduce in JavaScript. Google’s MapReduce is designed to support large dataset processing across computing clusters. It’s well suited for situations where computing nodes could go offline randomly (i.e. a browser navigates away from your site). He included a JavaScript snippet and a job server in Ruby. It will be interesting to see if someone comes up with a good use for this; you still need to convince people to keep your page open in the browser though. We’re just saying: try to act surprised when you realize Hack a Day is inexplicably making your processor spike…

[via Slashdot]

Sslstrip, Hijacking SSL In Network

Last week at Black Hat DC, [Moxie Marlinspike] presented a novel way to hijack SSL. You can read about it in this Forbes article, but we highly recommend you watch the video. sslstrip can rewrite all https links as http, but it goes far beyond that. Using unicode characters that look similar to / and ? it can construct URLs with a valid certificate and then redirect the user to the original site after stealing their credentials. The attack can be very difficult for even above average users to notice. This attack requires access to the client’s network, but [Moxie] successfully ran it on a Tor exit node.

Google Chrome Roundup

Google Chrome made a huge splash in the past week, but will it really change the way you browse, and convince you to switch from your current browser? For those who want to play with it but don’t want Google to completely take over their lives, Chromium is the open source project behind Google Chrome. Linux and OS X users can also run Chrome using WINE, although success is not guaranteed. To make an educated choice, read Scott McCloud’s comic which explains the underpinnings. Make sure you’re aware of Chrome’s security vulnerabilities, and take advantage of Lifehacker’s guide to make your browsing experience as convenient and useful as possible. There are some great features, including the ability to log into multiple Google accounts using its much-lauded Incognito mode, which prevents Google Chrome from logging information on your browsing and downloading habits (websites you browse can still track your information). For convenience, you can also install Chrome on a USB drive, and take it anywhere with you. Explore the many Google Chrome blogs that have popped up to provide advice on hacking and tweaking the browser. Or you could just get all your information from 4chan.

IBM Sees Influx In Zero-day Exploits


IBM’s X-Force security team has released a mid-year report(PDF) stating that the number of zero-day exploits is growing at an alarming rate. For those of you unfamiliar with the term, a zero-day exploit is a program that is created and implemented within 24 hours of the disclosure of a security flaw. These exploits usually affect users before they even know the vulnerability exists and long before a patch is made available. The researchers also found that many of these exploits were targeted at browser plug-ins, which most users utilize on a daily basis.

[Kris Lamb], X-Force operations manager, is blaming the problem on a lack of a unified process for disclosing vulnerabilities. He also claims that the long-held practice of publishing example code of vulnerabilities should be frowned upon.

[via Liquidmatrix]

Javascript Vi


Few would dispute that Vi was a great text editor in its day, but no one has done anything to bring it back until now. A company called Internet Connection has developed JSVI, a clone of Vi that was written in javascript and runs inside editable text areas on virtually any browser with javascript support.

It functions identically to Vi, offering ed/ex command support, vi-keys, unicode awareness, and a number of other features available on Vi. You can see a demo of JSVI here. If you prefer to run vi on your own page, download this javascript document. JSVI is open source, and we certainly agree with [Jason Striegel] that this would make a fitting addition to any Unix blog or forum.

emacs sucks.

[via Hackzine]

Firefox 3 Vulnerability


TippingPoint’s Zero Day Initiative reported a critical vulnerability affecting Firefox 3.0 yesterday. It includes the 2.0 versions as well. It’s unreleased and Mozilla is working on a fix already. Whatever the exploit is, it does require the user to visit a malicious site or click a link to executed. It came in 5 hours after the FF3 release, but since it affects previous versions, we wonder if the researcher was just sitting on it to be first. The Zero Day Initiative pays researchers for the exploits they submit.