[Eug-lug] How secure is Javascript?
M. Bitner
moexu13 at gmail.com
Wed Jul 9 16:34:36 PDT 2008
It might not be much by itself but it would be helpful if you were
gathering information for a more targeted attack. I don't have the
code; I just know that he was working on it and he shared the results
when he got it finished. It took him about a day to do.
On Wed, Jul 9, 2008 at 4:22 PM, Jimmy Hendrix
<jimmythedestroyer at gmail.com> wrote:
> I would love to see the code to do that. Although it is worth noting that
> an internal port scan isn't worth much since you would need to crack the
> perimeter firewall or take full control of the machine through some other
> method before the info is worth anything. Otherwise you would know what
> ports are open, but the firewall would stop you from exploiting them.
>
> Jimmy
>
> On Wed, Jul 9, 2008 at 3:57 PM, M. Bitner <moexu13 at gmail.com> wrote:
>>
>> I started religiously running NoScript in Firefox after a colleague of
>> mine figured out how to write a port scanner in Javascript. So if you
>> went to his page with Javascript enabled he would be able to have you
>> run a scan of your internal network, as your user, with your
>> permissions, regardless of firewall settings. So my answer would be
>> that even if Javascript has gotten safer it doesn't mean that people
>> haven't figured out clever things to do with it that you wouldn't want
>> to happen.
>>
>> On Wed, Jul 9, 2008 at 3:53 PM, Allen Brown <abrown at peak.org> wrote:
>> > I am moderately paranoid about allowing web sites to run javascript
>> > in my browser. (I use NoScript in Firefox.) Basically I only
>> > enable it if I know the owner of the site or trust them because
>> > of who they are. Examples: personal friends or banks.
>> >
>> > Am I being unnecessarily paranoid? Has Javascript gotten good
>> > enough that I can let my guard down? How do you all handle this?
>> > --
>> > Allen Brown abrown at peak.org
>> > http://brown.armoredpenguin.com/~abrown/
>> > Criticism may not be agreeable, but it is necessary. It fulfils
>> > the same function as pain in the human body. It calls attention
>> > to an unhealthy state of things. --- Sir Winston Churchill
>> > _______________________________________________
>> > EUGLUG mailing list
>> > euglug at euglug.org
>> > http://www.euglug.org/mailman/listinfo/euglug
>> >