[Eug-lug] How secure is Javascript?

Jimmy Hendrix jimmythedestroyer at gmail.com
Wed Jul 9 16:22:46 PDT 2008


I would love to see the code to do that.  Although it is worth noting that
an internal port scan isn't worth much since you would need to crack the
perimeter firewall or take full control of the machine through some other
method before the info is worth anything.  Otherwise you would know what
ports are open, but the firewall would stop you from exploiting them.

Jimmy

On Wed, Jul 9, 2008 at 3:57 PM, M. Bitner <moexu13 at gmail.com> wrote:

> I started religiously running NoScript in Firefox after a colleague of
> mine figured out how to write a port scanner in Javascript. So if you
> went to his page with Javascript enabled he would be able to have you
> run a scan of your internal network, as your user, with your
> permissions, regardless of firewall settings. So my answer would be
> that even if Javascript has gotten safer it doesn't mean that people
> haven't figured out clever things to do with it that you wouldn't want
> to happen.
>
> On Wed, Jul 9, 2008 at 3:53 PM, Allen Brown <abrown at peak.org> wrote:
> > I am moderately paranoid about allowing web sites to run javascript
> > in my browser.  (I use NoScript in Firefox.)  Basically I only
> > enable it if I know the owner of the site or trust them because
> > of who they are.  Examples: personal friends or banks.
> >
> > Am I being unnecessarily paranoid?  Has Javascript gotten good
> > enough that I can let my guard down?  How do you all handle this?
> > --
> > Allen Brown  abrown at peak.org
> >  http://brown.armoredpenguin.com/~abrown/
> >  Criticism may not be agreeable, but it is necessary. It fulfils
> >  the same function as pain in the human body. It calls attention
> >  to an unhealthy state of things. --- Sir Winston Churchill
> > _______________________________________________
> > EUGLUG mailing list
> > euglug at euglug.org
> > http://www.euglug.org/mailman/listinfo/euglug