A new tool called Jikto can turn any PC or device with a browser into a site attacker.
A new tool too dangerous to give away can turn any PC (Windows, Mac, Linux) or any device with a browser into a site attacker.
The tool, called Jikto, is a Web application scanner that searches for cross-site scripting vulnerabilities. Billy Hoffman, a security researcher with SPI Dynamics,
After silently inserting itself to run inside any browser (be it that of a PC, a cell phone), Jikto can then search sites for cross-site scripting vulnerabilities and report its findings to a third party without the user of the infected browser being aware.
It can also replicate itself onto sites containing cross-site scripting vulnerabilities and then spread by latching onto visiting browsers, Hoffman told eWEEK in an interview.
Web application vulnerability scanners have been around some seven years. Most have been software installed on a PC.
That's good, the security researcher said: "By getting them interested, we can use that to [heighten the awareness of the dangers of Web site vulnerabilities]."
earlier in March, with some 95 percent of search results on "hot" keywords leading to malware and exploit sites.