|
P: n/a
|
Someone posted the following statement in another ng:
"One significant reason for disabling JavaScript when browsing the
Internet is that it is a definite security hazard to the user if they
have JavaScript enabled. There is a lot of malicious code on web
sites that uses JavaScript to infect the user's computer with
malicious code."
In my naive world, the statement is false. Am I correct? If not, could
someone sketch an example of how js can compromise a user's machine?
--
Ed Jay (remove 'M' to respond by email)
| |
Share this Question
|
P: n/a
|
Ed Jay wrote:
Someone posted the following statement in another ng:
"One significant reason for disabling JavaScript when browsing the
Internet is that it is a definite security hazard to the user if they
have JavaScript enabled. There is a lot of malicious code on web
sites that uses JavaScript to infect the user's computer with
malicious code."
In my naive world, the statement is false. Am I correct? If not, could
someone sketch an example of how js can compromise a user's machine?
There are plenty of security holes in browsers. The stack overflow in
various different media handlers is the most obvious. I don't personally
see how JavaScript increases the risk. It's just as easy to embed a
stack-overflow-causing jpeg without JavaScript as it is with it. Browser
JavaScript is basically running in a sandbox and has limited
capabilities. I can see why you might disable it to try and limit a
site's ability to track you via cookies, but cookies can be set from the
server in the response header anyway so even there it doesn't help too
much. The only real benefit I can think of to disabling JavaScript is to
stop it opening popup windows, but then popup blockers are standard
these days anyway. | |
|
P: n/a
|
On Jan 25, 1:42 pm, Stevo <ple...@spam-me.comwrote:
Ed Jay wrote:
Someone posted the following statement in another ng:
"One significant reason for disabling JavaScript when browsing the
Internet is that it is a definite security hazard to the user if they
have JavaScript enabled. There is a lot of malicious code on web
sites that uses JavaScript to infect the user's computer with
malicious code."
In my naive world, the statement is false. Am I correct? If not, could
someone sketch an example of how js can compromise a user's machine?
There are plenty of security holes in browsers. The stack overflow in
various different media handlers is the most obvious. I don't personally
see how JavaScript increases the risk. It's just as easy to embed a
stack-overflow-causing jpeg without JavaScript as it is with it. Browser
JavaScript is basically running in a sandbox and has limited
capabilities. I can see why you might disable it to try and limit a
site's ability to track you via cookies, but cookies can be set from the
server in the response header anyway so even there it doesn't help too
much. The only real benefit I can think of to disabling JavaScript is to
stop it opening popup windows, but then popup blockers are standard
these days anyway.
For the people who accept new info here is one link to a direct
infection caused by JavaScript http://groups.google.com/group/stopb...d/thread/5d418...
there are many more.
Daniel http://a-ok-site.com | |
|
P: n/a
|
On Jan 25, 1:42 pm, Stevo <ple...@spam-me.comwrote:
Ed Jay wrote:
Someone posted the following statement in another ng:
"One significant reason for disabling JavaScript when browsing the
Internet is that it is a definite security hazard to the user if they
have JavaScript enabled. There is a lot of malicious code on web
sites that uses JavaScript to infect the user's computer with
malicious code."
In my naive world, the statement is false. Am I correct? If not, could
someone sketch an example of how js can compromise a user's machine?
There are plenty of security holes in browsers. The stack overflow in
various different media handlers is the most obvious. I don't personally
see how JavaScript increases the risk. It's just as easy to embed a
stack-overflow-causing jpeg without JavaScript as it is with it. Browser
JavaScript is basically running in a sandbox and has limited
capabilities. I can see why you might disable it to try and limit a
site's ability to track you via cookies, but cookies can be set from the
server in the response header anyway so even there it doesn't help too
much. The only real benefit I can think of to disabling JavaScript is to
stop it opening popup windows, but then popup blockers are standard
these days anyway.
Here is an example of JavaScript being used to spread malicious code
and there are many more. http://groups.google.com/group/stopb...4187b832224f51
Daniel http://a-ok-site.com | |
|
P: n/a
|
On Jan 25, 3:00 pm, "aoksi...@gmail.com" <aoksi...@gmail.comwrote:
On Jan 25, 1:42 pm, Stevo <ple...@spam-me.comwrote:
Ed Jay wrote:
Someone posted the following statement in another ng:
"One significant reason for disabling JavaScript when browsing the
Internet is that it is a definite security hazard to the user if they
have JavaScript enabled. There is a lot of malicious code on web
sites that uses JavaScript to infect the user's computer with
malicious code."
In my naive world, the statement is false. Am I correct? If not, could
someone sketch an example of how js can compromise a user's machine?
There are plenty of security holes in browsers. The stack overflow in
various different media handlers is the most obvious. I don't personally
see how JavaScript increases the risk. It's just as easy to embed a
stack-overflow-causing jpeg without JavaScript as it is with it. Browser
JavaScript is basically running in a sandbox and has limited
capabilities. I can see why you might disable it to try and limit a
site's ability to track you via cookies, but cookies can be set from the
server in the response header anyway so even there it doesn't help too
much. The only real benefit I can think of to disabling JavaScript is to
stop it opening popup windows, but then popup blockers are standard
these days anyway.
Here is an example of JavaScript being used to spread malicious code
and there are many more.
http://groups.google.com/group/stopb...d/thread/5d418...
Daniel
http://a-ok-site.com
And another from a different source http://www.trendmicro.com/vinfo/viru...E%2EAQ&VSect=P
Daniel http://a-ok-site.com | |
|
P: n/a
|
On Jan 25, 3:04 pm, "aoksi...@gmail.com" <aoksi...@gmail.comwrote:
On Jan 25, 3:00 pm, "aoksi...@gmail.com" <aoksi...@gmail.comwrote:
On Jan 25, 1:42 pm, Stevo <ple...@spam-me.comwrote:
Ed Jay wrote:
Someone posted the following statement in another ng:
"One significant reason for disabling JavaScript when browsing the
Internet is that it is a definite security hazard to the user if they
have JavaScript enabled. There is a lot of malicious code on web
sites that uses JavaScript to infect the user's computer with
malicious code."
In my naive world, the statement is false. Am I correct? If not, could
someone sketch an example of how js can compromise a user's machine?
There are plenty of security holes in browsers. The stack overflow in
various different media handlers is the most obvious. I don't personally
see how JavaScript increases the risk. It's just as easy to embed a
stack-overflow-causing jpeg without JavaScript as it is with it. Browser
JavaScript is basically running in a sandbox and has limited
capabilities. I can see why you might disable it to try and limit a
site's ability to track you via cookies, but cookies can be set from the
server in the response header anyway so even there it doesn't help too
much. The only real benefit I can think of to disabling JavaScript is to
stop it opening popup windows, but then popup blockers are standard
these days anyway.
Here is an example of JavaScript being used to spread malicious code
and there are many more.
http://groups.google.com/group/stopb...d/thread/5d418...
Daniel
http://a-ok-site.com
And another from a different sourcehttp://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JS%5F...
Daniel
http://a-ok-site.com
btw... I am the one who posted in the other group.
Daniel http://a-ok-site.com | |
|
P: n/a
| ao******@gmail.com wrote:
btw... I am the one who posted in the other group.
And neither have you a single clue what you are talking about nor where you
are posting (else you would have obeyed the minimum of Usenet guidelines).
If you have to post further such FUD, post it to your Google group.
PointedEars
--
realism: HTML 4.01 Strict
evangelism: XHTML 1.0 Strict
madness: XHTML 1.1 as application/xhtml+xml
-- Bjoern Hoehrmann | |
|
P: n/a
| ao******@gmail.com scribed:
>On Jan 25, 3:00 pm, "aoksi...@gmail.com" <aoksi...@gmail.comwrote:
>On Jan 25, 1:42 pm, Stevo <ple...@spam-me.comwrote:
Ed Jay wrote:
Someone posted the following statement in another ng:
"One significant reason for disabling JavaScript when browsing the
Internet is that it is a definite security hazard to the user if they
have JavaScript enabled. There is a lot of malicious code on web
sites that uses JavaScript to infect the user's computer with
malicious code."
In my naive world, the statement is false. Am I correct? If not, could
someone sketch an example of how js can compromise a user's machine?
There are plenty of security holes in browsers. The stack overflow in
various different media handlers is the most obvious. I don't personally
see how JavaScript increases the risk. It's just as easy to embed a
stack-overflow-causing jpeg without JavaScript as it is with it. Browser
JavaScript is basically running in a sandbox and has limited
capabilities. I can see why you might disable it to try and limit a
site's ability to track you via cookies, but cookies can be set from the
server in the response header anyway so even there it doesn't help too
much. The only real benefit I can think of to disabling JavaScript is to
stop it opening popup windows, but then popup blockers are standard
these days anyway.
Here is an example of JavaScript being used to spread malicious code
and there are many more.
http://groups.google.com/group/stopb...d/thread/5d418...
Daniel
http://a-ok-site.com
And another from a different source
http://www.trendmicro.com/vinfo/viru...E%2EAQ&VSect=P
Daniel, as I keep telling you in the html group, you are confusing errant js
on a web site with a user's computer being compromised. You keep citing
articles that clearly speak to web site hacking. The above citation states
quite clearly:
"This malicious Javascript is hosted on a Web site and run when a user
accesses the said Web site."
"It accesses Web sites to download files. As a result, malicious routines of
the downloaded files may be exhibited on the affected system."
And, as I've already mentioned, the user must execute the downloaded file to
infect his/her machine. It's the d/l file that causes havoc, not javascript.
If you follow the "Solution" link offered in your citation, it brings you
to:
<http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JS%5FIESLICE%2EAQ&VSect=Sn>,
in which there is no mention of disabling js to resolve or prevent the
problem.
--
Ed Jay (remove 'M' to respond by email) | |
|
P: n/a
|
On Jan 25, 3:17 pm, Thomas 'PointedEars' Lahn <PointedE...@web.de>
wrote:
aoksi...@gmail.com wrote:
btw... I am the one who posted in the other group.
And neither have you a single clue what you are talking about nor where you
are posting (else you would have obeyed the minimum of Usenet guidelines).
If you have to post further such FUD, post it to your Google group.
PointedEars
--
realism: HTML 4.01 Strict
evangelism: XHTML 1.0 Strict
madness: XHTML 1.1 as application/xhtml+xml
-- Bjoern Hoehrmann
Please read this http://www.trendmicro.com/vinfo/viru...sp?VName=JS%5F...
and this http://www.trendmicro.com/vinfo/viru...sp?VName=JS%5F...
It more clearly states the issue.
Daniel http://a-ok-site.com | |
|
P: n/a
|
On Jan 25, 3:31 pm, Ed Jay <ed...@aes-intl.comwrote:
aoksi...@gmail.com scribed:
On Jan 25, 3:00 pm, "aoksi...@gmail.com" <aoksi...@gmail.comwrote:
On Jan 25, 1:42 pm, Stevo <ple...@spam-me.comwrote:
Ed Jay wrote:
Someone posted the following statement in another ng:
"One significant reason for disabling JavaScript when browsing the
Internet is that it is a definite security hazard to the user if they
have JavaScript enabled. There is a lot of malicious code on web
sites that uses JavaScript to infect the user's computer with
malicious code."
In my naive world, the statement is false. Am I correct? If not, could
someone sketch an example of how js can compromise a user's machine?
There are plenty of security holes in browsers. The stack overflow in
various different media handlers is the most obvious. I don't personally
see how JavaScript increases the risk. It's just as easy to embed a
stack-overflow-causing jpeg without JavaScript as it is with it. Browser
JavaScript is basically running in a sandbox and has limited
capabilities. I can see why you might disable it to try and limit a
site's ability to track you via cookies, but cookies can be set from the
server in the response header anyway so even there it doesn't help too
much. The only real benefit I can think of to disabling JavaScript is to
stop it opening popup windows, but then popup blockers are standard
these days anyway.
Here is an example of JavaScript being used to spread malicious code
and there are many more.
>http://groups.google.com/group/stopb...d/thread/5d418...
Daniel
>http://a-ok-site.com
And another from a different source
http://www.trendmicro.com/vinfo/viru...sp?VName=JS%5F...
Daniel, as I keep telling you in the html group, you are confusing errant js
on a web site with a user's computer being compromised. You keep citing
articles that clearly speak to web site hacking. The above citation states
quite clearly:
"This malicious Javascript is hosted on a Web site and run when a user
accesses the said Web site."
"It accesses Web sites to download files. As a result, malicious routines of
the downloaded files may be exhibited on the affected system."
And, as I've already mentioned, the user must execute the downloaded file to
infect his/her machine. It's the d/l file that causes havoc, not javascript.
If you follow the "Solution" link offered in your citation, it brings you
to:
<http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JS%5F...>,
in which there is no mention of disabling js to resolve or prevent the
problem.
--
Ed Jay (remove 'M' to respond by email)
I apologize if this turns into a double post, but the links seemed
broken in the first.
Please read this http://www.trendmicro.com/vinfo/viru...%2EAQ&VSect=Sn
and this http://www.trendmicro.com/vinfo/viru...E%2EAQ&VSect=T
Daniel http://a-ok-site | | This discussion thread is closed Replies have been disabled for this discussion. | |  Question stats - viewed: 1195
- replies: 9
- date asked: Jan 25 '08
|
