This post originated from an RSS feed registered with Ruby Buzz
by Jeremy Voorhis.
Original Post: Security Vulnerability in Cross-Domain Ajax Discovered
Feed Title: JVoorhis
Feed URL: http://feeds.feedburner.com/jvoorhis
Feed Description: JVoorhis is a Rubyist in northeast Ohio. He rambles about Ruby on Rails, development practices, other frameworks such as Django, and on other days he is just full of snark.
Lucas Carlson has uncovered a security vulnerability in cross-domain Ajax. The vulnerability currently applies only to Safari, where cross-domain Ajax is enabled for the file:// scheme. It is a port scanner that posts its results to rafb.net/paste, like this.