Thanks for that. I have done a little research and I am not sure that all of the things you mention are as risky as you suggest. The OS you are using does make a difference, as I understand it, because the JS exploit will be downloading the malicious executable from a web site rather than actually carrying out the exploit itself. Also, the malicious JS will need to exploit a browser vulnerability - so if you keep you browser up to date there should not be much risk; the malware writers find the vulnerabilities from the browser authors when they plug the holes and issue and update.
Anyway, this is off topic really, I apologise and you're right there is a risk. But I am happy to continue with _javascript_ enabled on my computers.
Tony
On 1 October 2011 20:44, david <gnome@xxxxxxxxxxxxx> wrote:
Your OS makes no difference: malicious _javascript_ uses the browser as its platform, not the OS.
It's possible to _javascript_ to turn your browser session into a bot; it's possible to use _javascript_ to probe networks hidden behind routers and firewalls, identify targets and route target-specific attacks to those targets; it's possible for _javascript_ to capture login IDs and passwords.
It's possible to use _javascript_ to track what sites you go to and what you do there - which is why Google says its OK to run _javascript_. Their Google Analytics tool requires _javascript_. So if someone has _javascript_ turned off, Google doesn't get any tracking information to use and sell to their paying customers.
There's no need to require _javascript_ for site navigation.
Tony Austin wrote:
Is _javascript_ so bad? Why turn it off? I am happy to have it on all the time and the worries are much less under Linux. It's not Java or ActiveX after all.On 1 October 2011 10:34, Arve Barsnes wrote:
On 1 October 2011 08:53, Lorenzo Sutton wrote:
> On 10/01/2011 04:14 AM, Ken Restivo wrote:
>>
>> On Sat, Oct 01, 2011 at 03:00:02AM +0200, Peter Crighton wrote:
>>>
>>> Hello list,
>>> I just wanted to let you know that I started a new blog about
>>> Recording on Linux: http://linux-recording.blogspot.com/<http://blogblog.com> this>>> The first entry (well, not counting the introduction here) is about
>>> using the Analogue Drums Big Mono drumkit with Hydrogen. Let me
know
>>> what you think about the blog, any constructive criticism is much
>>> appreciated!
>>>
>>
>> *sigh*, Google, doesn't anyone use HTML anymore?
>>
>> This is what that website looks like with _javascript_ turned off:
>>
>> http://storage.restivo.org/misc/blogger.jpg
>>
>> I'm sure it's a fantastic blog, but, I dunno what Google has
done to it.
>
> If truth be told it seems a problem with this particular blog
(which by the
> way seems a very cool idea ;) - other blogspot blogs seem to work
with
> _javascript_ turned off.
>
> I'm not a blogger user so I'm not sure what google puts in when
you create a
> blog and what it leaves to the user. Maybe, the massive use of
_javascript_
> comes in for recently created ones?
>
> That said. Yes it seems that google is pushing more and more for
the use of
> _javascript_ see e.g.
>
http://googlesystem.blogspot.com/2007/05/no-_javascript_-no-google-navigation.html
>
It seems that, without allowing _javascript_ from blogblog.com
particular blog doesn't work at all. Is that also owned by Google?
Arve
--
David
gnome@xxxxxxxxxxxxx
authenticity, honesty, community
_______________________________________________
Linux-audio-user mailing list
Linux-audio-user@lists.linuxaudio.org
http://lists.linuxaudio.org/listinfo/linux-audio-user
_______________________________________________ Linux-audio-user mailing list Linux-audio-user@xxxxxxxxxxxxxxxxxxxx http://lists.linuxaudio.org/listinfo/linux-audio-user
