[Sussex] JavaScript is no longer secure: TURN IT OFF NOW!

Steven Dobson steve at dobson.org
Sun Aug 13 18:23:11 UTC 2006


Paul

On Sun, 2006-08-13 at 17:14 +0100, Paul Graydon wrote:
> Well, I tried it on mine, we've got an old Netgear ADSL router, with 
> uPnP turned on for the internal network, as it allows programs like 
> azureus to open up ports as and when I use the program rather than 
> having them open all the time or remembering to re-add the rule each time.
> 
> Doesn't seem to achieve anything other than know my win32 box exists and 
> thats it.  Can't complain much about that. *shrug*

This is a proof of concept.  It isn't trying to be malicious.

I just hope you don't go to a site that runs something that on you win32
box that uses uPnP to open up ports to allow some hacker into your
network.

Steve

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://mailman.lug.org.uk/pipermail/sussex/attachments/20060813/bbca26c2/attachment.pgp 


More information about the Sussex mailing list