DAMNED Re: Fedora Security and the Uverse 3800HGV-B router

[JD]

On 07/02/2011 01:18 PM, Reindl Harald wrote:
>
> Am 02.07.2011 16:50, schrieb JD:
>> On 07/02/2011 01:32 AM, Reindl Harald wrote:
>>> Am 02.07.2011 06:14, schrieb JD:
>>>
>>>> When will the linux community wake up and shout out loud:
>>>> Kill JavaScript from all browsers and all network servers
>>>> and network clients
>>> never because the community is not dumb
>>> why do we not forbid knifes since people are killed with them?
>> Not the same issue
> sure, because knifes can hurt people
>
> LOCAL file browsing can not or will you forbid any fileupload per webform
> because you also not understand why it is not a sceurity problem that
> you can browse local files here?
Big difference.
When I knowingly and deliberately browse my files,
cannot be deemed to be the same as a javascript
that some web site sends to my computer to be executed
by the browser to snoop on my files.

>> Most people are not even aware that their personal
>> files are being uploaded
> their will be nothing uploaded and you should stop to cry
> things like "When will the linux community wake up" until
> you have ANY BASICAL knowledge about what you are speaking
That is your opinion.
Javascripts sent by web sites are a threat to privacy
and even security.

>> If a javascript can browse all accessible files, what's there
>> to prevent someone from writing a javascript to spawn
>> a process to upload your files?
> damend you can not spawn a process with javascript and
> you CAN NOT silently upload files with JS, so please
> get some basics or shut up instead making some noobs crazy
> which maybe believe your stuff
>
Have you used spawn used in javascript?
In fact you can spawn multiple threads from a javascript.

>> A simpler example, how do you think a javascript can
>> tell that you have been to some particular site?
>> It uploads your cookies.
> it can not access cookies from foreign domains damned
> learn basics or shut up!
And just who/what would prevent a javascript
from examining your cookies? Your browser? :)

>> I would have hoped that the FOSS communities would have
>> raised a big public fuss (pun unintentional) over websites
>> sending javascripts at peoples' computers and compromising
>> their files
> the problem is that the FOSS community has basic knowledges
> and you have not - so you make other people which have
> also now technical knowledge crazy with your braindead rant
You seem to be a professional ostrich.
Bury your head in the sand if you wish
and say you see no threat in javascripts
pushed by websites.

If your myopia were reality, why would
people start to take a much harder look at
javascripts, and try find ways to foil them?