Fedora Security and the Uverse 3800HGV-B router

Reindl Harald h.reindl at thelounge.net
Sun Jul 3 00:48:45 UTC 2011



On 03.07.2011 02:42, Sam Varshavchik wrote:

> What you're missing is that a remote server's ability to instruct your web browser to open the contents of file:///
> URL is limited to precisely that: your web browser opening and displaying the contents of file:///. The remote
> server's javascript has no means of accessing the contents of file:///. Once your web browser opens file:///, the
> previous page from the remote server is closed, together with all the javascript that was in it.
> 
> If file:/// gets opened in a separate window or a tab, as can be done, the javascript running from another window or
> tab still has no means of accessing the contents of another scope, as well. Javascript can only access resources
> that originate from the same scope.
> 
> This is a well-understood security model. There have been isolated instances in the past, where flaws were
> discovered in some individual browser's security model that allowed some mechanism for running Javascript to access
> content from another scope; occasionally a common flaw was found that was shared by several browsers.
> 
> Barring your wonderrouter leveraging some hereto unknown security exploit, all that your wonderrouter is doing is
> the equivalent of the HTML that reads
> 
> <a href="file:///">Y0U h4ve b33n p0wned</a>

my conclusion is that JD is one of two types of people:

* troll starting useless flamewar
* learning resistant idiot without any technical understanding

in the worst case both of it
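
The scope rule described in the quoted text, as an added example that is not part of the original message or of any browser's code: a small model of the origin comparison that decides whether a script may read another document. The router address and file paths are constructed, and treating `file:` URLs as opaque origins follows the URL standard's origin serialization (an assumption about the browser in use).

```javascript
// Constructed model of the same-origin check; not taken from any browser.
const DEFAULT_PORTS = new Map([["http:", "80"], ["https:", "443"]]);

// Tuple origin (scheme, host, port) for http(s); null stands for an
// opaque origin, which is what file: URLs are treated as here.
function originOf(urlString) {
  const u = new URL(urlString);
  if (!DEFAULT_PORTS.has(u.protocol)) return null;
  return {
    scheme: u.protocol,
    host: u.hostname,
    // URL drops an explicit default port, so restore it for comparison.
    port: u.port || DEFAULT_PORTS.get(u.protocol),
  };
}

// Two URLs share an origin only if scheme, host and port all match.
// An opaque origin never matches another URL's origin in this model.
function sameOrigin(a, b) {
  const oa = originOf(a);
  const ob = originOf(b);
  if (oa === null || ob === null) return false;
  return oa.scheme === ob.scheme && oa.host === ob.host && oa.port === ob.port;
}

// A script may read a document's contents only from the same origin.
function canScriptRead(scriptPageUrl, targetDocUrl) {
  return sameOrigin(scriptPageUrl, targetDocUrl);
}

// Which of the listed documents could a script on scriptPageUrl read?
function readableFrom(scriptPageUrl, targetDocUrls) {
  return targetDocUrls.filter((t) => canScriptRead(scriptPageUrl, t));
}

// Constructed sample: a page served by a router on the LAN.
const ROUTER_PAGE = "http://192.168.1.254/redirect.html";
const TARGETS = [
  "file:///",                          // local filesystem listing
  "file:///home/user/notes.txt",       // local file
  "http://192.168.1.254:80/status",    // same origin (default port)
  "https://192.168.1.254/status",      // different scheme
  "http://192.168.1.1/status",         // different host
];

console.log(readableFrom(ROUTER_PAGE, TARGETS));
```
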
