On 2/27/07, Bryan Fordham <[EMAIL PROTECTED]> wrote:
on a more general note: Does anyone actually have an example of how javascript can compromise your anonymity? Not "it can obtain your IP"-type stuff, but actual code.
consider the drive-by pharming style attack: http://www.symantec.com/enterprise/security_response/weblog/2007/02/driveby_pharming_how_clicking_1.html malicious javascript connects to your router, and if using defaults, can open up an external telnet management service, change your DNS server, basically leverage your router for any number of secondary attacks.
