[Gllug] Open Source Hardware User Group meeting on Thursday.

damion.yates at gmail.com
Wed May 12 02:10:43 UTC 2010


On Wed, 28 Apr 2010, general_email at technicalbloke.com wrote:

> Dan Kolb wrote:
> > On Tue, Apr 27, 2010 at 02:12:58PM +0100,
> > general_email at technicalbloke.com wrote:
> >   
> >> Actually there isn't if you are browsing with Javascript disabled -
> >> does anyone browse with it enabled by default these days!?
> >
> > About 99.9% of people on the internet?
> 
> But I'll wager considerably less on this list, no? I'm surprised if
> not, seeing as pretty much every security exploit out there leverages
> either Javascript, Java applets or Flash.

Okay, Flash and Java have (even VERY recently) had actual exploits
permitting arbitrary code execution.  Actually, you're forgetting the
numerous libjpeg and libpng exploits on just viewing malicious images!
However, which Javascript exploits are you talking about?

Are you confusing poor HTML/JS on websites permitting cross-site issues?
Those only affect data related to those sites, such as cookies or post
data on a mistaken click you make.  Sure, that cookie can let somebody
log in as you, but that's whichever noddy poorly coded website's
problem.  It doesn't 0wn your system or permit access to other important
auth data/cookies for other domains*.

Damion

*excluding IE and Safari which both have had famously poor/insecure JS
engines.  We're talking Linux so presumably Chromium with V8 JS Engine
is what you have?
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug