Whatsapp, Slack, Skype and apps based on popular Electron framework vulnerable to backdoor attacks

This week at B-Sides LV, security researcher Pavel Tsakalidis presented his work on security defects in the Electron framework, a cross-platform development framework that combines Javascript with Node.js: apps built with Electron include Skype, Slack, Whatsapp, Visual Studio Code and others. Read the rest

You can do everything in Javascript with six characters: []()!+

Springing from the august tradition of esoteric programming language Brainfuck, behold the mind-mangling power of JSFuck. Read the rest

Javascript dress

Thinkgeek's $59 JavaScript Code Fit & Flare Dress comes in sizes 6-14; no word on what the code does (I hope it's malware that poisons OCR systems!) (via Crazy Abalone) Read the rest

Pastejacking: using malicious javascript to insert sneaky text into pasted terminal commands

When a computer stops behaving, the solution often involves looking up an obscure command and pasting it into the terminal -- even experienced administrators and programmers aren't immune to this, because remembering the exact syntax for commands you use once every couple years is a choresome task. Read the rest

Trigger Windows Solitaire victory animations with a single click

Here is a startlingly compelling implementation of the classic Windows Solitaire victory animation: simply click and win! The creator is Richard Cabello, who has perhaps played enough Windows Solitaire for one lifetime. Read the rest

Javascript-based PC emulator, running GNU/Linux

Fabrice Bellard has written a 32 bit x86 emulator in Javascript -- in plain English, he's created a virtual PC that runs inside your browser, using Javascript. And then (of course), he created a GNU/Linux variant that can run inside it -- so you can run a full-featured PC inside your browser. It's a pretty fabulous hack and has far-reaching implications: for example, you could theoretically run any program or OS inside your browser, even if you're using a locked-down platform that won't let you change the OS or install your own programs. And then there's stuff like installing MAME in a virtual browser machine, so that you can play all/any retrogames.

What's the use ? I did it for fun, just because newer Javascript Engines are fast enough to do complicated things. Real use could be:

* Benchmarking of Javascript engines (how much time takes your Javascript engine to boot Linux ?). For this particular application, efficient handling of 32 bit signed and unsigned integers and of typed arrays is important. * Client side processing using an x86 library, for example for cryptographic purposes. For such application, the x86 emulator can be modified to provide an API to load x86 dynamic libraries and to provide a js-ctypes like API to call the C/C++ functions from javascript. * A more advanced version would allow to use old DOS PC software such as games.

JS Linux

Javascript PC Emulator - Technical Notes

(via Command Line) Read the rest