[Eug-lug] How secure is Javascript?
M. Bitner
moexu13 at gmail.com
Wed Jul 9 15:57:30 PDT 2008
I started religiously running NoScript in Firefox after a colleague of
mine figured out how to write a port scanner in Javascript. So if you
went to his page with Javascript enabled he would able to have you
run a scan of your internal network, as your user, with your
permissions, regardless of firewall settings. So my answer would be
that even if Javascript has gotten safer it doesn't mean that people
haven't figured out clever things to do with it that you wouldn't want
to happen.
On Wed, Jul 9, 2008 at 3:53 PM, Allen Brown <abrown at peak.org> wrote:
> I am moderately paranoid about allowing web sites run javascript
> in my browser. (I use NoScript in Firefox.) Basically I only
> enable it if I know the owner of the site or trust them because
> of who they are. Examples: personal friends or banks.
>
> Am I being unnecessarily paranoid? Has Javascript gotten good
> enough that I can let my guard down? How do you all handle this?
> --
> Allen Brown abrown at peak.org http://brown.armoredpenguin.com/~abrown/
> Criticism may not be agreeable, but it is necessary. It fulfils
> the same function as pain in the human body. It calls attention
> to an unhealthy state of things. --- Sir Winston Churchill
> _______________________________________________
> EUGLUG mailing list
> euglug at euglug.org
> http://www.euglug.org/mailman/listinfo/euglug
>
More information about the EUGLUG
mailing list