On Sat, 2011-07-02 at 16:45 -0700, JD wrote:
On 07/02/2011 01:07 PM, Craig White wrote:
> On Fri, 2011-07-01 at 21:14 -0700, JD wrote:
>
>> You are right.
>> It turns out it does it via the intruder which the whole
>> world was deceived by Sun that it only plays in a sandbox
>> and has no access to anything outside that sandbox: Javascript.
> ----
> what does javascript have to do with Sun? It is not java. It doesn't
> share anything at all with java except the name which was an unfortunate
> choice.
> ----
>> So I used noscript to disable scripts from 192.168.1.254
>> and access to my drive went away.
>>
>> When will the linux community wake up and shout out loud:
>> Kill JavaScript from all browsers and all network servers
>> and network clients.
> ----
> turn off javascript and the Internet is almost unusable. I think you
> were close when you realized that your 'router' is likely an attack
> vector because many of the retail/home intended routers are known to
> have been compromised.
> ----
>> It is THE trojan horse hiding in plain site and can access
>> EVERYTHING on your system that YOU have access to and
>> send it back to whatever destination the javascript was
>> written to send it to.
>>
>> Common people! JAVASCRIPT being executed by your
>> browser on your system is a HUGE WIDE OPEN SECURITY HOLE!!!
> ----
>
http://en.wikipedia.org/wiki/Javascript
>
> Sandbox implementation errors
>
> Web browsers are capable of running JavaScript outside
> of the sandbox, with the privileges necessary to, for
> example, create or delete files. Of course, such privileges
> aren't meant to be granted to code from the web.
>
> What you have demonstrated is one of the many reasons not to run GUI as
> root but you only saw the files/folders that you could see with a tool
> like nautilus or dolphin with exactly the same privileges so I guess I
> can't understand your hysterics.
>
> If noscript gives you peace of mind, then use it.
>
> Craig
>
>
Why do you resort to name calling?
It is not hysterics.
A javascript sent by we site can, if written
to do so, open your files and upload them to
some remote site; and you call this hysterics?
Something is wrong with your thinking to resort
to name calling.
I think user's awareness, that javascripts are indeed
invasive and a great threat to privacy, needs to be
raised. Most users are unaware of this threat.
----
I'm probably wasting my time here but nowhere did I resort to anything
even remotely close to name calling.
I wonder if you confused my one entry into this thread with others or
simply have a comprehension problem.
The post I responded to...
It is THE trojan horse hiding in plain site and can access
EVERYTHING on your system that YOU have access to and
send it back to whatever destination the javascript was
written to send it to.
Common people! JAVASCRIPT being executed by your
browser on your system is a HUGE WIDE OPEN SECURITY HOLE!!!
if that isn't hysterics, then I don't know what is. The sky is not
falling.
Craig
Craig
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.