On Sun, 3 Feb 2002, Cheryl Homiak wrote:

> ... However, I am able to do a lot of shopping online; I do,
> however, have concerns that if the Java script issue for linux
> isn't soon addressed, much of my shopping will eventually be
> impossible.

Actually, adding complexity is poor security practice. Executable complexity is even worse, and even less likely to be audited adequately, for security: I think javascript on financially oriented web sites is stupid (and there have been security problems with such).

And vendors who do unnecessarily fancy stuff make their sites more difficult to navigate, even for sighted users (Sears, for instance, is atrocious -- I won't shop there).

Do you really think that vendors who don't have a clue about the web and its culture, and about alt tags, and pages that are adaptable to different devices are somehow, in contrast, especially competent about security? Do you want to trust such vendors with your credit card info, etc?

I keep java and javascript turned off in my browser, unless it is absolutely necessary (rarely -- you can usually go elsewhere).

My guess is that, as time goes on, and exploits inevitably multiply, the surviving vendors will get more clueful, and keep java and the like out of their pages. If not, you will no doubt see these features included in the textmode browsers, with time (maybe no matter what happens).

In the meantime, just relax, and select vendors that have a clue. You don't need the others; the web is a huge place.

> It's not that I'm whining and wishing somebody else would do
> it; if I had the knowledge and skills, I would definitely be
> working on this problem, and I really hope that somebody is
> trying to do so.

There actually is something you could do: when an 800 number is available, you could call them, or email them, and tell them why you won't do business with them, perhaps with supporting references to passages related to their security practices, such as pointers to choice passages from world class experts. One good site to search for such things is

http://www.counterpane.com

Example for digital signatures:

Why Digital Signatures Are Not Signatures
http://www.counterpane.com/crypto-gram-0011.html#1

I've done this, with mixed success: at least my credit union no longer serves web pages from Win-NT (REALLY stupid). I had to ask to talk to someone with decision making power: you'd have to do the same.

Don't ask them to accept your word: point them to the world class experts who have published on your topic. And suggest useful key phrases (tested by you) for the search engines (then it can be their idea, in the end). Speed up the education process for the vendors you care about.

LCR

--
L. C. Robinson
reply to no_spam+munged_lcr@onewest.net.invalid

People buy MicroShaft for compatibility, but get incompatibility and instability instead. This is award winning "innovation". Find out how MS holds your data hostage with "The *Lens*"; see "CyberSnare" at http://www.netaction.org/msoft/cybersnare.html