Javascript and security

Someone posted the following statement in another ng:

"One significant reason for disabling JavaScript when browsing the
Internet is that it is a definite security hazard to the user if they
have JavaScript enabled. There is a lot of malicious code on web
sites that uses JavaScript to infect the user's computer with
malicious code."

In my naive world, the statement is false. Am I correct? If not, could
someone sketch an example of how js can compromise a user's machine?
--
Ed Jay (remove 'M' to respond by email)
Jan 25 '08 #1
Ed Jay wrote:
> Someone posted the following statement in another ng:
>
> "One significant reason for disabling JavaScript when browsing the
> Internet is that it is a definite security hazard to the user if they
> have JavaScript enabled. There is a lot of malicious code on web
> sites that uses JavaScript to infect the user's computer with
> malicious code."
>
> In my naive world, the statement is false. Am I correct? If not, could
> someone sketch an example of how js can compromise a user's machine?

There are plenty of security holes in browsers. The stack overflow in
various different media handlers is the most obvious. I don't personally
see how JavaScript increases the risk. It's just as easy to embed a
stack-overflow-causing jpeg without JavaScript as it is with it. Browser
JavaScript is basically running in a sandbox and has limited
capabilities. I can see why you might disable it to try and limit a
site's ability to track you via cookies, but cookies can be set from the
server in the response header anyway so even there it doesn't help too
much. The only real benefit I can think of to disabling JavaScript is to
stop it opening popup windows, but then popup blockers are standard
these days anyway.
Jan 25 '08 #2
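
The remark above that cookies can be set from the server in the response header, shown as an added example that is not part of the original thread: the script parses a constructed HTTP response and lists the cookies its headers set while the body contains no script at all. The response text, cookie names and function names are made up for illustration.

```javascript
// Constructed sample: a raw HTTP response with no <script> in the body.
// Both cookies are set by response headers alone.
const SAMPLE_RESPONSE = [
  "HTTP/1.1 200 OK",
  "Content-Type: text/html",
  "Set-Cookie: visitor_id=abc123; Expires=Fri, 25 Jan 2030 12:00:00 GMT; Path=/",
  "Set-Cookie: session=xyz789; Path=/; HttpOnly; Secure",
  "",
  "<html><body><p>No script on this page.</p></body></html>",
].join("\r\n");

// Parse one Set-Cookie header value into name, value and attributes.
function parseSetCookie(headerValue) {
  const parts = headerValue.split(";").map((p) => p.trim()).filter(Boolean);
  const first = parts.shift();
  if (!first || first.indexOf("=") < 1) return null; // malformed: no name=value
  const eq = first.indexOf("=");
  const cookie = { name: first.slice(0, eq), value: first.slice(eq + 1), attrs: {} };
  for (const part of parts) {
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : part.slice(i + 1);
  }
  return cookie;
}

// List every cookie the response headers set and how each one behaves.
function cookiesFromResponse(rawResponse) {
  const headerLines = rawResponse.split("\r\n\r\n")[0].split("\r\n").slice(1);
  const cookies = [];
  for (const line of headerLines) {
    const colon = line.indexOf(":");
    if (colon === -1) continue;
    if (line.slice(0, colon).trim().toLowerCase() !== "set-cookie") continue;
    const c = parseSetCookie(line.slice(colon + 1));
    if (!c) continue;
    cookies.push({
      name: c.name,
      // Expires/Max-Age make the cookie outlive the browser session.
      persistent: "expires" in c.attrs || "max-age" in c.attrs,
      // HttpOnly cookies never appear in document.cookie, script on or off.
      scriptReadable: !("httponly" in c.attrs),
    });
  }
  return cookies;
}

// True if the response body contains any <script> element.
function bodyHasScript(rawResponse) {
  const body = rawResponse.split("\r\n\r\n").slice(1).join("\r\n\r\n");
  return /<script\b/i.test(body);
}

console.log(cookiesFromResponse(SAMPLE_RESPONSE), bodyHasScript(SAMPLE_RESPONSE));
```
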
On Jan 25, 1:42 pm, Stevo <ple...@spam-me.com> wrote:
> Ed Jay wrote:
>> Someone posted the following statement in another ng:
>> "One significant reason for disabling JavaScript when browsing the
>> Internet is that it is a definite security hazard to the user if they
>> have JavaScript enabled. There is a lot of malicious code on web
>> sites that uses JavaScript to infect the user's computer with
>> malicious code."
>> In my naive world, the statement is false. Am I correct? If not, could
>> someone sketch an example of how js can compromise a user's machine?
>
> There are plenty of security holes in browsers. The stack overflow in
> various different media handlers is the most obvious. I don't personally
> see how JavaScript increases the risk. It's just as easy to embed a
> stack-overflow-causing jpeg without JavaScript as it is with it. Browser
> JavaScript is basically running in a sandbox and has limited
> capabilities. I can see why you might disable it to try and limit a
> site's ability to track you via cookies, but cookies can be set from the
> server in the response header anyway so even there it doesn't help too
> much. The only real benefit I can think of to disabling JavaScript is to
> stop it opening popup windows, but then popup blockers are standard
> these days anyway.

For the people who accept new info here is one link to a direct
infection caused by JavaScript http://groups.google.com/group/stopb...d/thread/5d418...
there are many more.

Daniel

http://a-ok-site.com
Jan 25 '08 #3
On Jan 25, 1:42 pm, Stevo <ple...@spam-me.com> wrote:
> Ed Jay wrote:
>> Someone posted the following statement in another ng:
>> "One significant reason for disabling JavaScript when browsing the
>> Internet is that it is a definite security hazard to the user if they
>> have JavaScript enabled. There is a lot of malicious code on web
>> sites that uses JavaScript to infect the user's computer with
>> malicious code."
>> In my naive world, the statement is false. Am I correct? If not, could
>> someone sketch an example of how js can compromise a user's machine?
>
> There are plenty of security holes in browsers. The stack overflow in
> various different media handlers is the most obvious. I don't personally
> see how JavaScript increases the risk. It's just as easy to embed a
> stack-overflow-causing jpeg without JavaScript as it is with it. Browser
> JavaScript is basically running in a sandbox and has limited
> capabilities. I can see why you might disable it to try and limit a
> site's ability to track you via cookies, but cookies can be set from the
> server in the response header anyway so even there it doesn't help too
> much. The only real benefit I can think of to disabling JavaScript is to
> stop it opening popup windows, but then popup blockers are standard
> these days anyway.

Here is an example of JavaScript being used to spread malicious code
and there are many more.

http://groups.google.com/group/stopb...4187b832224f51

Daniel

http://a-ok-site.com
Jan 25 '08 #4
On Jan 25, 3:00 pm, "aoksi...@gmail.com" <aoksi...@gmail.com> wrote:
> On Jan 25, 1:42 pm, Stevo <ple...@spam-me.com> wrote:
>> Ed Jay wrote:
>>> Someone posted the following statement in another ng:
>>> "One significant reason for disabling JavaScript when browsing the
>>> Internet is that it is a definite security hazard to the user if they
>>> have JavaScript enabled. There is a lot of malicious code on web
>>> sites that uses JavaScript to infect the user's computer with
>>> malicious code."
>>> In my naive world, the statement is false. Am I correct? If not, could
>>> someone sketch an example of how js can compromise a user's machine?
>> There are plenty of security holes in browsers. The stack overflow in
>> various different media handlers is the most obvious. I don't personally
>> see how JavaScript increases the risk. It's just as easy to embed a
>> stack-overflow-causing jpeg without JavaScript as it is with it. Browser
>> JavaScript is basically running in a sandbox and has limited
>> capabilities. I can see why you might disable it to try and limit a
>> site's ability to track you via cookies, but cookies can be set from the
>> server in the response header anyway so even there it doesn't help too
>> much. The only real benefit I can think of to disabling JavaScript is to
>> stop it opening popup windows, but then popup blockers are standard
>> these days anyway.
>
> Here is an example of JavaScript being used to spread malicious code
> and there are many more.
>
> http://groups.google.com/group/stopb...d/thread/5d418...
>
> Daniel
>
> http://a-ok-site.com

And another from a different source
http://www.trendmicro.com/vinfo/viru...E%2EAQ&VSect=P

Daniel

http://a-ok-site.com
Jan 25 '08 #5
On Jan 25, 3:04 pm, "aoksi...@gmail.com" <aoksi...@gmail.com> wrote:
> On Jan 25, 3:00 pm, "aoksi...@gmail.com" <aoksi...@gmail.com> wrote:
>> On Jan 25, 1:42 pm, Stevo <ple...@spam-me.com> wrote:
>>> Ed Jay wrote:
>>>> Someone posted the following statement in another ng:
>>>> "One significant reason for disabling JavaScript when browsing the
>>>> Internet is that it is a definite security hazard to the user if they
>>>> have JavaScript enabled. There is a lot of malicious code on web
>>>> sites that uses JavaScript to infect the user's computer with
>>>> malicious code."
>>>> In my naive world, the statement is false. Am I correct? If not, could
>>>> someone sketch an example of how js can compromise a user's machine?
>>> There are plenty of security holes in browsers. The stack overflow in
>>> various different media handlers is the most obvious. I don't personally
>>> see how JavaScript increases the risk. It's just as easy to embed a
>>> stack-overflow-causing jpeg without JavaScript as it is with it. Browser
>>> JavaScript is basically running in a sandbox and has limited
>>> capabilities. I can see why you might disable it to try and limit a
>>> site's ability to track you via cookies, but cookies can be set from the
>>> server in the response header anyway so even there it doesn't help too
>>> much. The only real benefit I can think of to disabling JavaScript is to
>>> stop it opening popup windows, but then popup blockers are standard
>>> these days anyway.
>> Here is an example of JavaScript being used to spread malicious code
>> and there are many more.
>> http://groups.google.com/group/stopb...d/thread/5d418...
>> Daniel
>> http://a-ok-site.com
>
> And another from a different source
> http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JS%5F...
>
> Daniel
>
> http://a-ok-site.com

btw... I am the one who posted in the other group.

Daniel

http://a-ok-site.com
Jan 25 '08 #6
ao******@gmail.com wrote:
> btw... I am the one who posted in the other group.

And neither have you a single clue what you are talking about nor where you
are posting (else you would have obeyed the minimum of Usenet guidelines).

If you have to post further such FUD, post it to your Google group.
PointedEars
--
realism: HTML 4.01 Strict
evangelism: XHTML 1.0 Strict
madness: XHTML 1.1 as application/xhtml+xml
-- Bjoern Hoehrmann
Jan 25 '08 #7
ao******@gmail.com scribed:
> On Jan 25, 3:00 pm, "aoksi...@gmail.com" <aoksi...@gmail.com> wrote:
>> On Jan 25, 1:42 pm, Stevo <ple...@spam-me.com> wrote:
>>> Ed Jay wrote:
>>>> Someone posted the following statement in another ng:
>>>> "One significant reason for disabling JavaScript when browsing the
>>>> Internet is that it is a definite security hazard to the user if they
>>>> have JavaScript enabled. There is a lot of malicious code on web
>>>> sites that uses JavaScript to infect the user's computer with
>>>> malicious code."
>>>> In my naive world, the statement is false. Am I correct? If not, could
>>>> someone sketch an example of how js can compromise a user's machine?
>>> There are plenty of security holes in browsers. The stack overflow in
>>> various different media handlers is the most obvious. I don't personally
>>> see how JavaScript increases the risk. It's just as easy to embed a
>>> stack-overflow-causing jpeg without JavaScript as it is with it. Browser
>>> JavaScript is basically running in a sandbox and has limited
>>> capabilities. I can see why you might disable it to try and limit a
>>> site's ability to track you via cookies, but cookies can be set from the
>>> server in the response header anyway so even there it doesn't help too
>>> much. The only real benefit I can think of to disabling JavaScript is to
>>> stop it opening popup windows, but then popup blockers are standard
>>> these days anyway.
>>
>> Here is an example of JavaScript being used to spread malicious code
>> and there are many more.
>>
>> http://groups.google.com/group/stopb...d/thread/5d418...
>>
>> Daniel
>>
>> http://a-ok-site.com
>
> And another from a different source
> http://www.trendmicro.com/vinfo/viru...E%2EAQ&VSect=P

Daniel, as I keep telling you in the html group, you are confusing errant js
on a web site with a user's computer being compromised. You keep citing
articles that clearly speak to web site hacking. The above citation states
quite clearly:

"This malicious Javascript is hosted on a Web site and run when a user
accesses the said Web site."

"It accesses Web sites to download files. As a result, malicious routines of
the downloaded files may be exhibited on the affected system."

And, as I've already mentioned, the user must execute the downloaded file to
infect his/her machine. It's the d/l file that causes havoc, not javascript.
If you follow the "Solution" link offered in your citation, it brings you
to:
<http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JS%5FIESLICE%2EAQ&VSect=Sn>,
in which there is no mention of disabling js to resolve or prevent the
problem.
--
Ed Jay (remove 'M' to respond by email)
Jan 25 '08 #8
On Jan 25, 3:17 pm, Thomas 'PointedEars' Lahn <PointedE...@web.de> wrote:
> aoksi...@gmail.com wrote:
>> btw... I am the one who posted in the other group.
>
> And neither have you a single clue what you are talking about nor where you
> are posting (else you would have obeyed the minimum of Usenet guidelines).
>
> If you have to post further such FUD, post it to your Google group.
>
> PointedEars
> --
> realism: HTML 4.01 Strict
> evangelism: XHTML 1.0 Strict
> madness: XHTML 1.1 as application/xhtml+xml
> -- Bjoern Hoehrmann

Please read this

http://www.trendmicro.com/vinfo/viru...sp?VName=JS%5F...

and this

http://www.trendmicro.com/vinfo/viru...sp?VName=JS%5F...

It more clearly states the issue.

Daniel

http://a-ok-site.com
Jan 26 '08 #9
On Jan 25, 3:31 pm, Ed Jay <ed...@aes-intl.com> wrote:
> aoksi...@gmail.com scribed:
>> On Jan 25, 3:00 pm, "aoksi...@gmail.com" <aoksi...@gmail.com> wrote:
>>> On Jan 25, 1:42 pm, Stevo <ple...@spam-me.com> wrote:
>>>> Ed Jay wrote:
>>>>> Someone posted the following statement in another ng:
>>>>> "One significant reason for disabling JavaScript when browsing the
>>>>> Internet is that it is a definite security hazard to the user if they
>>>>> have JavaScript enabled. There is a lot of malicious code on web
>>>>> sites that uses JavaScript to infect the user's computer with
>>>>> malicious code."
>>>>> In my naive world, the statement is false. Am I correct? If not, could
>>>>> someone sketch an example of how js can compromise a user's machine?
>>>> There are plenty of security holes in browsers. The stack overflow in
>>>> various different media handlers is the most obvious. I don't personally
>>>> see how JavaScript increases the risk. It's just as easy to embed a
>>>> stack-overflow-causing jpeg without JavaScript as it is with it. Browser
>>>> JavaScript is basically running in a sandbox and has limited
>>>> capabilities. I can see why you might disable it to try and limit a
>>>> site's ability to track you via cookies, but cookies can be set from the
>>>> server in the response header anyway so even there it doesn't help too
>>>> much. The only real benefit I can think of to disabling JavaScript is to
>>>> stop it opening popup windows, but then popup blockers are standard
>>>> these days anyway.
>>> Here is an example of JavaScript being used to spread malicious code
>>> and there are many more.
>>> http://groups.google.com/group/stopb...d/thread/5d418...
>>> Daniel
>>> http://a-ok-site.com
>> And another from a different source
>> http://www.trendmicro.com/vinfo/viru...sp?VName=JS%5F...
>
> Daniel, as I keep telling you in the html group, you are confusing errant js
> on a web site with a user's computer being compromised. You keep citing
> articles that clearly speak to web site hacking. The above citation states
> quite clearly:
>
> "This malicious Javascript is hosted on a Web site and run when a user
> accesses the said Web site."
>
> "It accesses Web sites to download files. As a result, malicious routines of
> the downloaded files may be exhibited on the affected system."
>
> And, as I've already mentioned, the user must execute the downloaded file to
> infect his/her machine. It's the d/l file that causes havoc, not javascript.
> If you follow the "Solution" link offered in your citation, it brings you
> to:
> <http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JS%5F...>,
> in which there is no mention of disabling js to resolve or prevent the
> problem.
> --
> Ed Jay (remove 'M' to respond by email)

I apologize if this turns into a double post, but the links seemed
broken in the first.
Please read this

http://www.trendmicro.com/vinfo/viru...%2EAQ&VSect=Sn

and this

http://www.trendmicro.com/vinfo/viru...E%2EAQ&VSect=T

Daniel

http://a-ok-site
Jan 26 '08 #10
