Re: techport80
On 19 Sep 2002, at 19:11, jbrown105 at speedymail.org wrote:
>
> On 0, Kat <kat at kogeijin.com> wrote:
> > > Thanks for posting the article on Java security. Very informative. I
> > > would like to point out a new key points about that article and that web
> > > page though. Also I agree with you in the fact that newer isn't always
> > > better. Further, I would like to state that JavaScript is used sparingly
> > > on
> > > my website and that you can read anything on my site should you choose to
> > > turn JavaScript off.
> >
> > Strangely, turning it off, *if you can*, doesn't prevent your puter from
> > going
> > out to download the latest addons to the scripting languages, as i found out
> > the hard way a few months ago. They are downloaded, even if you had checked
> > Do
> > Not Run, in case you might want to run them later. The badly botched
> > auto-install deleted/corrupted needed files for IE and Explorer. I am still
> > missing the proper icon for IE, but that's no problem.
> >
>
> Ah, the joys of Linux and Opera 
Well, or remove scripting engines or their required dlls. I can't run the
Melissa virus for example, and i tried to. The code snippet for getting
passwords in OE and Pegasus posted by Martin don't work on me either, i
tried them. For several trojans, even if i did get them, the firewall blocks the
outgoing as well as the incoming, so they can't send back out. Etc.
> > > JavaScript is safe. There is very little you can do with
> > > JavaScript, as a standalone tool, that is not what it was intended to
> > > do. When combined with other tools, JavaScript poses a little more of a
> > > risk, but that risk is minimal.
> >
> > I lost a computer to javascript. The bios was written to, and was not
> > recoverable or replaceable. The harddrive was corrupted, and i lost a lot of
> > material. Javascript is used for redirects, windows that can't be closed,
> > etc
> > etc.
> >
>
> Its hard to believe thats possible. I dont see how javascript can
> corrupt
> a filesystem, or overwrite a BIOS!! What browser and what version and
> which
> site was this?
I don't remember the site, and i doubt it's still up. It was several years ago,
on the olde 586 puter, win95, IE4.something, no proxies or firewalls. The bios
settings were to "no writes" in software, but not jumpered in hardware.
Things are different now, and i agree IE is updated, but still, i got bit badly,
and won't drop my chainmaille again, especially with weekly reports that
assorted bugs in java, javascript, browsers, email readers, etc still exist.
Kat
|
Not Categorized, Please Help
|
|
