On Saturday 02 July 2011 15:50:18 JD wrote: > On 07/02/2011 01:32 AM, Reindl Harald wrote: > > Am 02.07.2011 06:14, schrieb JD: > >> It is THE trojan horse hiding in plain site and can access > >> EVERYTHING on your system that YOU have access to and > >> send it back to whatever destination the javascript was > >> written to send it to. > > > > if you would have a little background you would know that > > as example you can not select and upload files as example > > If a javascript can browse all accessible files, what's there > to prevent someone from writing a javascript to spawn > a process to upload your files? Permissions system? While the contents of / directory can be listed by just about any user on the system, it's a completely different story for writing to it. Also, can you browse through home directories of other users from the router? I doubt. > A simpler example, how do you think a javascript can > tell that you have been to some particular site? > It uploads your cookies. > > >> Common people! JAVASCRIPT being executed by your > >> browser on your system is a HUGE WIDE OPEN SECURITY HOLE!!! > > > > so stop whining and install "noscript" and click not on every link > > wanting remove javascript from the browsers is polemic and childish > > Yes, I do have noscript. > And in addition, Firefox gives us the option > to disable javascript under the tab > Edit->Preferences->Content > However, hundreds of millions of people are > oblivious to this threat. While I don't particularly like javascript myself, I disagree that it is a serious security threat. At least on Linux (Windows is a completely different story). > If it is not made a public issue, people will not > become aware of it and continue to be invaded > and their personal files be compromised. > And I was not expecting the router to send > such javascript at me, so I had allowed scripts for it. > What a surprise that was! When you see a person dissapear from a magician's box and reappears on the other side of the stage, are you equally suprised that the magician has supernatural powers that nobody bothers to investigate? Or is it just a simple con? Go create a new dummy user on your machine, create somefile.txt in his home directory, log in as yourself and try to view the file using the router. If you succeed, the permissions on your system are compromised. If you don't, then you are fussing over that router more than it's worth. In both cases I doubt that javascript has much to do with it. HTH, :-) Marko -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
