[svlug] Viruses (was: virus FUD)

Chris Waters xtifr at dsp.net
Sat May 13 11:24:37 PDT 2000


Walter Reed <walt at hubinternet.com> writes:

> On Sat, May 06, 2000 at 11:06:24PM -0700, Jonathan Cobb wrote:
> > I'd be curious if anyone else knows of any significant "ugly side
> > effects" that can be perpetrated by simple HTML/JavaScript.

> Check out the bugtraq archives. Everytime there is a new release of
> Netscape, there are reports of new javascript vunerabilities. The
> solution has always been, "disable javascript."

One thing I've been hoping Mozilla will add is an ability to select
which sites you are willing to trust to send you javascript, the way
you can select which sites you trust to send you cookies.

Hmm, perhaps it's time to try out my Bugzilla account with a wishlist...

Of course, this is still slightly less secure, as the site can be
hacked, and javascript usually has more immediate consequences than
cookies (especially if you automatically reject cookies from secondary
sites).  But it would still be a nice feature.  I like the javascript
at www.lokigames.com, but don't necessarily want it on at
www.digicrime.com (a real and very entertaining and educational site,
but one that should be explored with caution if you don't have another
VT to switch to and knowledge of how to kill your now-hung browser and
maybe xserver from the command-line.)

cheers
-- 
Chris Waters   xtifr at dsp.net | I have a truly elegant proof of the
      or    xtifr at debian.org | above, but it is too long to fit into
http://www.dsp.net/xtifr     | this .signature file.





More information about the svlug mailing list