Posts by bobcaruthers 3 publicly visible posts • joined 5 Feb 2014
Yes I agree.
But as with indexes on database columns, or manually inlining functions, it would be nice to have some control of where the optimization is done. There are many functions (say collision detection in a game) that don't get called all the time but would nice to keep super optimized and fast.
So if the V8 / Crankshaft engine only does the optmized double compilation on code that it thinks is run often, then to speed up my javascript apps I should call all functions a few thousand times (like warming up an engine) before the app starts, to force the browser to apply the optimized compilation to everything.
A page takes a few seconds to load, so maybe I should spend those seconds on looping through function calls while I wait for assets to load?
Also, I wonder if it can detect the same library version (say a version of jQuery) when it is included on multiple tabs or URLs, and use the same optimizations, rather than having to reanalyze it several times.
Interesting..
There is nothing magic or new going on with this technique. In a nutshell...
Malicious code is disguised as pixels or meta data in a PNG file, so that when a server admin runs a checkup they don't spot the code. All they see is a list of PNGs, and a list of Javascript files that load PNGs. Everything looks normal, and the malware didn't get detected.
So how does it do harm?
The Javascript that loads the PNGs also has a little loop in it to unpick the hidden code from the PNG's pixels or meta data. The new code (more Javascript) is injected into the page and run, having all the permissions that any other Javascript does on that page. Now it can do malicious things - highjack ad links or something.
How did it get on the server?
Someone hacked a server and uploaded the Javascript covertly, they also presumably modified an HTML page to link to it. The PNGs can be on anyones server - like Flickrs - since there is nothing intrinsically harmful about them by themselves.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
