On Sat, 2011-07-02 at 16:45 -0700, JD wrote:
> On 07/02/2011 01:07 PM, Craig White wrote:
> > On Fri, 2011-07-01 at 21:14 -0700, JD wrote:
> >
> >> You are right.
> >> It turns out it does it via the intruder which the whole
> >> world was deceived by Sun that it only plays in a sandbox
> >> and has no access to anything outside that sandbox: Javascript.
> > ----
> > what does javascript have to do with Sun? It is not java. It doesn't
> > share anything at all with java except the name which was an unfortunate
> > choice.
> > ----
> >> So I used noscript to disable scripts from 192.168.1.254
> >> and access to my drive went away.
> >>
> >> When will the linux community wake up and shout out loud:
> >> Kill JavaScript from all browsers and all network servers
> >> and network clients.
> > ----
> > turn off javascript and the Internet is almost unusable. I think you
> > were close when you realized that your 'router' is likely an attack
> > vector because many of the retail/home intended routers are known to
> > have been compromised.
> > ----
> >> It is THE trojan horse hiding in plain sight and can access
> >> EVERYTHING on your system that YOU have access to and
> >> send it back to whatever destination the javascript was
> >> written to send it to.
> >>
> >> Common people! JAVASCRIPT being executed by your
> >> browser on your system is a HUGE WIDE OPEN SECURITY HOLE!!!
> > ----
> > http://en.wikipedia.org/wiki/Javascript
> >
> > Sandbox implementation errors
> >
> > Web browsers are capable of running JavaScript outside
> > of the sandbox, with the privileges necessary to, for
> > example, create or delete files. Of course, such privileges
> > aren't meant to be granted to code from the web.
> >
> > What you have demonstrated is one of the many reasons not to run GUI as
> > root but you only saw the files/folders that you could see with a tool
> > like nautilus or dolphin with exactly the same privileges so I guess I
> > can't understand your hysterics.
> >
> > If noscript gives you peace of mind, then use it.
> >
> > Craig
> >
> >
> Why do you resort to name calling?
> It is not hysterics.
> A javascript sent by web site can, if written
> to do so, open your files and upload them to
> some remote site; and you call this hysterics?
> Something is wrong with your thinking to resort
> to name calling.
> I think users' awareness, that javascripts are indeed
> invasive and a great threat to privacy, needs to be
> raised. Most users are unaware of this threat.
----
I'm probably wasting my time here but nowhere did I resort to anything
even remotely close to name calling. I wonder if you confused my one
entry into this thread with others or simply have a comprehension
problem.

The post I responded to...

> It is THE trojan horse hiding in plain sight and can access
> EVERYTHING on your system that YOU have access to and
> send it back to whatever destination the javascript was
> written to send it to.
>
> Common people! JAVASCRIPT being executed by your
> browser on your system is a HUGE WIDE OPEN SECURITY HOLE!!!

if that isn't hysterics, then I don't know what is. The sky is not
falling.

Craig