[Eug-lug] How secure is Javascript?
Allen Brown
abrown at peak.org
Wed Jul 9 16:14:34 PDT 2008
Not so long ago, then. Paranoia is feeling cozy and fine.
Thank you for the info.
--
Allen Brown
http://brown.armoredpenguin.com/~abrown
> He was our security guy and it was a proof of concept. It was within
> the last year so I would imagine it's still possible.
>
> On Wed, Jul 9, 2008 at 3:59 PM, Allen Brown <abrown at peak.org> wrote:
>> Alarming. How recent was that? Do you know if this is still possible?
>> --
>> Allen Brown
>> http://brown.armoredpenguin.com/~abrown
>>
>>> I started religiously running NoScript in Firefox after a colleague of
>>> mine figured out how to write a port scanner in Javascript. So if you
>>> went to his page with Javascript enabled he would be able to have you
>>> run a scan of your internal network, as your user, with your
>>> permissions, regardless of firewall settings. So my answer would be
>>> that even if Javascript has gotten safer it doesn't mean that people
>>> haven't figured out clever things to do with it that you wouldn't want
>>> to happen.
>>>
>>> On Wed, Jul 9, 2008 at 3:53 PM, Allen Brown <abrown at peak.org> wrote:
>>>> I am moderately paranoid about allowing web sites to run javascript
>>>> in my browser. (I use NoScript in Firefox.) Basically I only
>>>> enable it if I know the owner of the site or trust them because
>>>> of who they are. Examples: personal friends or banks.
>>>>
>>>> Am I being unnecessarily paranoid? Has Javascript gotten good
>>>> enough that I can let my guard down? How do you all handle this?
>>>> --
>>>> Allen Brown abrown at peak.org
>>>> http://brown.armoredpenguin.com/~abrown/
>>>> Criticism may not be agreeable, but it is necessary. It fulfils
>>>> the same function as pain in the human body. It calls attention
>>>> to an unhealthy state of things. --- Sir Winston Churchill
>>>> _______________________________________________
>>>> EUGLUG mailing list
>>>> euglug at euglug.org
>>>> http://www.euglug.org/mailman/listinfo/euglug
>>>>