JavaScript insecurities

Discussion in 'other security issues & news' started by ronjor, Jul 28, 2006.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,727
    Location:
    Texas
    Article
     
  2. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    Not surprising I say. Javascript vulnerabilities have been around for quite some time.
     
  3. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,827
    Location:
    USA
    I have java and Javascript disabled when I use Tor, otherwise Firefox broadcasts my correct IP not the one Tor assigns.
     
  4. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,508
    Location:
    Slovakia
    Using javascript is dangerous, because simply put, it is like an exe file, which will browser download into PC, it will run it without asking and it can do almost anything (proved in topic). The user rely on Anti-Soft, that thanks to its heuristic or signatures, it will recognize, if there is a malicious code. Anti-Soft is good as a layer defense, but JS should be disabled by default.
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Besides the security aspect, javascript has another serious drawback, it slows down webpage loading a lot. It´s really ridiculous how long it takes for some pages to load. Of course I´m not saying that javascript shouldn´t be used at all, because it can be handy sometimes, but I think website designers should seriously limit their script usage. :cautious:
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    More javascript trouble in the following article, and interesting to note, not only websites should be audited to prevent this stuff, but browsers (or perhaps anti-malware tools?) should also come up with new protection methods to protect against this stuff. :)

    http://www.securityfocus.com/news/11405
     
    Last edited: Aug 6, 2006
  7. phasechange

    phasechange Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    359
    Location:
    Edinburgh
    I run NOSCRIPT in FF and feel reasonably happy that this allows me to control my exposure.

    Fairy
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Yeah a tool like NoScript can be handy, however often you will browse to a site that needs scripting enabled, otherwise it won´t work. So you end up enabling scripting anyway. :blink:

    But I´m waiting for the new Maxthon v2 browser, in the new version, plugins will work even with scripting disabled. And it will also give you the option to set "Download Control" options (Javascript, ActiveX etc.) per page.

    I´ve noticed that a lot of my favorite websites do not need scripting anyway, so I will probably turn it off. It also speeds up browsing quite a lot. But there is always the problem mentioned above and trusted sites (with scripting enabled) sometimes also get hacked.
     
  9. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Kind of overstating it I think. Replace activeX with javascript and you are closer.
     
  10. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,121
    Location:
    Pennsylvania.
    *Hugs noscript extension*
     
Loading...
Thread Status:
Not open for further replies.