Re: Fedora Security and the Uverse 3800HGV-B router

On Fri, 2011-07-01 at 21:14 -0700, JD wrote:

> You are right.
> It turns out it does it via the intruder which the whole
> world was deceived by Sun that it only plays in a sandbox
> and has no access to anything outside that sandbox: Javascript.
----
What does JavaScript have to do with Sun? It is not Java. It doesn't
share anything at all with Java except the name, which was an unfortunate
choice.
----
> 
> So I used noscript to disable scripts from 192.168.1.254
> and access to my drive went away.
> 
> When will the linux community wake up and shout out loud:
> Kill JavaScript from all browsers and all network servers
> and network clients.
----
Turn off JavaScript and the Internet is almost unusable. I think you
were close when you realized that your 'router' is likely an attack
vector, because many of the retail/home intended routers are known to
have been compromised.
----
> It is THE trojan horse hiding in plain sight and can access
> EVERYTHING on your system that YOU have access to and
> send it back to whatever destination the javascript was
> written to send it to.
> 
> Common people! JAVASCRIPT being executed by your
> browser on your system is a HUGE WIDE OPEN SECURITY HOLE!!!
----
http://en.wikipedia.org/wiki/Javascript

  Sandbox implementation errors

  Web browsers are capable of running JavaScript outside 
  of the sandbox, with the privileges necessary to, for 
  example, create or delete files. Of course, such privileges
  aren't meant to be granted to code from the web.

What you have demonstrated is one of the many reasons not to run a GUI as
root, but you only saw the files/folders that you could see with a tool
like nautilus or dolphin with exactly the same privileges, so I guess I
can't understand your hysterics.

If noscript gives you peace of mind, then use it.

Craig

