Re: Fedora Security and the Uverse 3800HGV-B router

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 07/02/2011 05:34 PM, Ed Greshko wrote:
> On 07/03/2011 07:45 AM, JD wrote:
>> Why do you resort to name calling?
>> It is not hysterics.
>> A javascript sent by we site can, if written
>> to do so, open your files and upload them to
>> some remote site; and you call this hysterics?
>> Something is wrong with your thinking to resort
>> to name calling.
>> I think user's awareness, that javascripts are indeed
>> invasive and a great threat to privacy, needs to be
>> raised. Most users are unaware of this threat.
>>
> Let's put it a different way then.....
>
> Turn off javascript in your Browser for a day and see how your Internet
> experience is affected.  Then consider for a moment your statement that
> "javascripts are indeed invasive and a great threat to privacy, needs to
> be raised. Most users are unaware of this threat" in relationship to how
> long javascript has been in use and how widely it is used as well as
> your current level of familiarity with javascript.
>
> If  javascript is as great a threat as you seem to think, then wouldn't
> you think there would be a concerted effort to fix the problem?  Don't
> you think that by now people with much more experience would be raising
> the alarms?
>
> FWIW, I've found that one of the biggest mistakes I've made in the past
> is to come to conclusions based on observations when I was ignorant of
> the underlying theory/principles/subject.
>
> If you are interested in learning more, maybe you should start by
> picking up a copy of  http://oreilly.com/catalog/9780596000486
Thanx Ed.
I may not be a javscript expert. But here is a tiny tip of the problem:

An Empirical Study of Privacy-Violating Information Flows in JavaScript 
Web Applications
http://cseweb.ucsd.edu/~lerner/papers/ccs10-jsc.pdf

JavaScript Scope and IntenseDebate's Privacy Problems
http://www.mavitunasecurity.com/blog/javascript-scope-and-intensedebates-privacy-problems/

"...JavaScript has a more troubling history of security holes...."
http://www.w3.org/Security/Faq/wwwsf2.html

Quote:
/" ...Javascript/ is a client language, but you /can/ combine it whit a 
server language to /delete files/. in PHP you /can/ use unlink() 
function to /delete file/. *...*"
http://digitarald.de/forums/topic.php?id=110
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux