These invisible characters could be hidden backdoors in your JavaScript code

silversurfer

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Forum Veteran
Aug 17, 2014
12,736
123,875
8,399
Content source
https://www.bleepingcomputer.com/news/security/these-invisible-characters-could-be-hidden-backdoors-in-your-js-code/
Could malicious backdoors be hiding in your code, that otherwise appears perfectly clean to the human eye and text editors alike?

A security researcher has shed light on how invisible characters can be snuck into JavaScript code to introduce security risks, like backdoors, into your software.
Click to expand...
Security researcher Wolfgang Ettlinger, who is also the Director of Certitude Consulting, surmised "what if a backdoor literally cannot be seen and thus evades detection even from thorough code reviews?" [...]

"The script implements a very simple network health check HTTP endpoint that executes ping -c 1 google.com as well as curl -s http: //example.com and returns whether these commands executed successfully. The optional HTTP parameter timeout limits the command execution time," explains the researcher in his blog post.
Click to expand...
www.bleepingcomputer.com

Invisible characters could be hiding backdoors in your JavaScript code

Could malicious backdoors be hiding in your code, that otherwise appears perfectly clean to the human eye and text editors alike? A security researcher has shed light on how invisible characters can be snuck into JavaScript code to introduce security risks, like backdoors, into your software.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • Wow
  • +Reputation
Reactions: struppigel, oldschool, Andy Ful and 3 others
You must log in or register to reply here.

You may also like...