Fedora Security and the Uverse 3800HGV-B router

JD jd1008 at gmail.com
Sun Jul 3 01:18:22 UTC 2011


On 07/02/2011 05:34 PM, Ed Greshko wrote:
> On 07/03/2011 07:45 AM, JD wrote:
>> Why do you resort to name calling?
>> It is not hysterics.
>> A javascript sent by a web site can, if written
>> to do so, open your files and upload them to
>> some remote site; and you call this hysterics?
>> Something is wrong with your thinking to resort
>> to name calling.
>> I think users' awareness, that javascripts are indeed
>> invasive and a great threat to privacy, needs to be
>> raised. Most users are unaware of this threat.
>>
> Let's put it a different way then.....
>
> Turn off javascript in your Browser for a day and see how your Internet
> experience is affected.  Then consider for a moment your statement that
> "javascripts are indeed invasive and a great threat to privacy, needs to
> be raised. Most users are unaware of this threat" in relationship to how
> long javascript has been in use and how widely it is used as well as
> your current level of familiarity with javascript.
>
> If  javascript is as great a threat as you seem to think, then wouldn't
> you think there would be a concerted effort to fix the problem?  Don't
> you think that by now people with much more experience would be raising
> the alarms?
>
> FWIW, I've found that one of the biggest mistakes I've made in the past
> is to come to conclusions based on observations when I was ignorant of
> the underlying theory/principles/subject.
>
> If you are interested in learning more, maybe you should start by
> picking up a copy of  http://oreilly.com/catalog/9780596000486
Thanx Ed.
I may not be a javascript expert. But here is a tiny tip of the problem:

An Empirical Study of Privacy-Violating Information Flows in JavaScript 
Web Applications
http://cseweb.ucsd.edu/~lerner/papers/ccs10-jsc.pdf

JavaScript Scope and IntenseDebate's Privacy Problems
http://www.mavitunasecurity.com/blog/javascript-scope-and-intensedebates-privacy-problems/

"...JavaScript has a more troubling history of security holes...."
http://www.w3.org/Security/Faq/wwwsf2.html

Quote:
"...Javascript is a client language, but you can combine it with a
server language to delete files. in PHP you can use unlink()
function to delete file. ..."
http://digitarald.de/forums/topic.php?id=110

