@Scott, With a bit of creativity, practically anything is possible! You’re right in that the JS could not have DIRECT access to the user’s file system, but as explained in https://nakedsecurity.sophos.com/2016/06/20/ransomware-thats-100-pure-javascript-no-download-required/, one could simply use JS to connect to a server to install a malicious exe, which it could then run. Essentially, the JS could easily apply a cipher to the file to thus “encrypt it”, and use the exe to rewrite the file content with this encrypted text. The exe could also handle deletion of backups, or pretty much anything else needed.
On Sat, Aug 21, 2021 at 7:02 PM Scott Simmons (Secret-HQ) < [email protected]> wrote: > On Tuesday, August 17, 2021 at 9:12:15 AM UTC-4 [email protected] wrote: > > What makes this more dangerous than the iframe is that it has DIRECT >> ACCESS to your TW instance, so practically anything can be done. For >> example, I could steal your tiddlywiki instance, encrypt it, and hold it >> for ransom, as soon as your page loaded. >> > > Just to make sure I'm understanding correctly: That *particular* attack > wouldn't yield much fruit, would it? The attacker would have an encrypted > version of TiddlyWiki only xe could access, but the original user would > still have the version xe opened on xir local hard drive or the Web site xe > loaded the page from in the first place. All that would be encrypted for > ransom would be the session-specific instance of that file, not the source > file (which the browser can't encrypt and save over on the fly). > > Or am I misunderstanding? > > -- > You received this message because you are subscribed to the Google Groups > "TiddlyWiki" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/tiddlywiki/25edd7f6-9dcc-4109-8fb8-51884c6382acn%40googlegroups.com > <https://groups.google.com/d/msgid/tiddlywiki/25edd7f6-9dcc-4109-8fb8-51884c6382acn%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "TiddlyWiki" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywiki/CALXL%2BrPestGT_%3DGf4t_TvsNzoWCjh7PA9jzpsip96jObAAjY1g%40mail.gmail.com.
