Gary Funck wrote (quoting newsfactor.com): > An additional line of defense is to disable JavaScript on untrusted > Web sites, he added.
This is becoming an increasingly useless step at the macro level -- a "trusted" website. More and more websites are now allowing "user supplied" javascript. If you trust facebook or myspace, you're trusting all the javascript on all the user pages and even some "leave comment" areas. If that's not bad enough, every purveyor of meta-deta these days seems to be rushing to be the next to allow embedded javascript. Look at Quicktime, PDF, etc. Javascript is evil. But rather than seeing any sense of restraint, control, or restrictions; instead the web design and content management world is making a mad dash to be the next lemming. Jeff _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
