|
Posted by Ed Jay on January 25, 2008, 2:53 pm
Please log in for more thread options aoksite1@gmail.com scribed:
>>
>> > aoksi...@gmail.com scribed:
>>
>> > >One significant reason for disabling JavaScript when browsing the
>> > >Internet is that it is a definite security hazard to the user if they
>> > >have JavaScript enabled. There is a lot of malicious code on web
>> > >sites that uses JavaScript to infect the user's computer with
>> > >malicious code.
>>
>> > Please elaborate by providing an example of how js can be used to compromise
>> > a user's computer with malicious code.
>> > --
>> > Ed Jay (remove 'M' to respond by email)
>>
>> You have to be kidding. If you need examples,
visithttp://groups.google.com/group/stopbadwareorhttp://www.stopbadware.org/home.
>>
>> Daniel
>>
>> http://a-ok-site.com
>
>Sorry, I really thought you were kidding. But your post to the other
>you weren't. Take some time and check out the stopbadware group it
>has a lot of great info.
>
You have good eyes, but my post to the js group is intended to start a
discussion, not to answer the base question. As I said in my query there, I
believe your statement to be false, i.e., js cannot be used to infect a
user's machine without the user's express permission.
I checked the stopbadware group. They're not talking about js being used to
infect a user's machine. They're talking about js being injected into
existing sites (hacking). They talk about badware on a user's machine, but
that badware has to be downloaded and executed, e.g., an attachment, exe
file, or packaged clandestinely with another application.
AFAIK, your statement is an artifact from years past when it was incorrectly
propagated that js was a security risk. It isn't (afaik).
--
Ed Jay (remove 'M' to respond by email)
| 
XML Sitemap