[Sussex] JavaScript is no longer secure: TURN IT OFF NOW!

Steven Dobson steve at dobson.org
Sun Aug 13 23:21:54 UTC 2006


Al

On Sun, 2006-08-13 at 23:28 +0100, Al Bennett wrote:
> Hello from Edinburgh!  (Hoots mon, see you Jimmy, you'll have had your tea 
> etc)

Hope you like your new home.

> > This is a proof of concept.  It isn't trying to be malicious.
> 
> Is it just me, or does this proof of concept not prove very much?
<snip>
> Or am I missing something?

I think you're missing something.

Many devices are network configurable these days.  It has just been
released, but there is a bug in some Linksys routers that would allow a
JavaScript virus to cause a buffer overrun in the router and thus
compromise your router/firewall.

Anyway, do you want someone else's code looking at the data on your LAN?
I don't know about you but I assume that anything connected to my LAN
is trustworthy.  I don't trust systems in my DMZ as much, and I
definitely don't trust anything on the WAN at all, but my LAN - that I
trust.

Steve


