Not so long ago, then. Paranoia is feeling cozy and fine. Thank you for the info. -- Allen Brown http://brown.armoredpenguin.com/~abrown
> He was our security guy and it was a proof of concept. It was within > the last year so I would imagine it's still possible. > > On Wed, Jul 9, 2008 at 3:59 PM, Allen Brown <[EMAIL PROTECTED]> wrote: >> Alarming. How recent was that? Do you know if this is still possible? >> -- >> Allen Brown >> http://brown.armoredpenguin.com/~abrown >> >>> I started religiously running NoScript in Firefox after a colleague of >>> mine figured out how to write a port scanner in Javascript. So if you >>> went to his page with Javascript enabled he would able to have you >>> run a scan of your internal network, as your user, with your >>> permissions, regardless of firewall settings. So my answer would be >>> that even if Javascript has gotten safer it doesn't mean that people >>> haven't figured out clever things to do with it that you wouldn't want >>> to happen. >>> >>> On Wed, Jul 9, 2008 at 3:53 PM, Allen Brown <[EMAIL PROTECTED]> wrote: >>>> I am moderately paranoid about allowing web sites run javascript >>>> in my browser. (I use NoScript in Firefox.) Basically I only >>>> enable it if I know the owner of the site or trust them because >>>> of who they are. Examples: personal friends or banks. >>>> >>>> Am I being unnecessarily paranoid? Has Javascript gotten good >>>> enough that I can let my guard down? How do you all handle this? >>>> -- >>>> Allen Brown abrown at peak.org >>>> http://brown.armoredpenguin.com/~abrown/ >>>> Criticism may not be agreeable, but it is necessary. It fulfils >>>> the same function as pain in the human body. It calls attention >>>> to an unhealthy state of things. --- Sir Winston Churchill >>>> _______________________________________________ >>>> EUGLUG mailing list >>>> [email protected] >>>> http://www.euglug.org/mailman/listinfo/euglug >>>> >>> _______________________________________________ >>> EUGLUG mailing list >>> [email protected] >>> http://www.euglug.org/mailman/listinfo/euglug >>> >> >> >> _______________________________________________ >> EUGLUG mailing list >> [email protected] >> http://www.euglug.org/mailman/listinfo/euglug >> > _______________________________________________ > EUGLUG mailing list > [email protected] > http://www.euglug.org/mailman/listinfo/euglug > _______________________________________________ EUGLUG mailing list [email protected] http://www.euglug.org/mailman/listinfo/euglug
