Tool: JavaScript bug-hunting tool revealed

Shawn

Mar 26, 2007, 10:17:22 AM
to SecAudit
A security researcher at ShmooCon in Washington on Saturday
demonstrated, but did not release, a tool that turns the PCs of
unknowing web surfers into hacker help.

As expected, SPI Dynamics researcher Billy Hoffman demonstrated a web
application vulnerability scanner written in JavaScript. The tool,
called Jikto, can make an unsuspecting web user's PC silently crawl
and audit public websites, and send the results to a third party,
Hoffman said.

But, in a change of plans, Hoffman did not publicly release Jikto.
"The higher-ups first say we can, and then they change their mind," he
said after his presentation. "We decided to focus on the educational
message and show people the danger."

Full story here:
http://www.snpx.com/cgi-bin/news55.cgi?target=195888968?-2622

Shawn
