A security researcher at ShmooCon on Saturday demonstrated, but did not release, a tool that turns the PCs of unknowing Web surfers into hacker help.
"The whole point was to show how scary cross-site scripting has become."
"Once one person has talked about the ability to do it, it doesn't take that long for somebody else to come up with it," said one ShmooCon attendee who asked to remain anonymous. "It will come out."
There are already 50k hits for a Google search on "Jitko". A few comments from around the web: Jeremiah Grossman, of Whitehat Security, and "Pascal". Anurag Agarwal offered a Reflection on Billy Hoffman, along with a photo:
This week on Reflection we have a very young guy from the webappsec field.
Billy’s knowledge on Ajax is tremendous ... his ability to think differently has helped him achieve so much in such a short time.
I got a chance to meet with him in the WASC meetup at RSA. He is a very lively character. Let me put it this way, if billy is a part of a conversation, you won’t get bored even if you just stand there and listen.
Anyone who has worked with Billy knows, he is one of the best security researchers in the world. Billy is among the first people I contact when I need to bounce an idea off someone, and the insight he brings to the table is always impressive. Based on my firsthand experience, it is incomplete to the degree of inaccuracy to simply say "he thinks outside the box". Billy destroys the box before your eyes while telling you what you need to keep in mind when building your next box.
We can say with confidence, that when what comes after "Web 2.0"/AJAX is created, Billy's work will be one of the factors driving design decisions.
I enjoy watching him repeatedly pop up in the press. I feel proud to have known him back when he was just an unknown college student getting sued for the first time.. :)
Oh, btw.. Billy is also a member of the Industrial Memetics Team, and actively contributes to MemeStreams development. We consider ourselves lucky.