Personal Development for Smart People Forums - View Single Post

ixmatus · 12-29-2008, 01:31 AM

I was originally going to post this as a reply post but realized I've seen this issue so many times I decided to make it a thread.

Any and all users that browse the web without a script blocker are basically handing every access right for their computer over to the author of the website they are browsing.

How is this possible? One word: Javascript.

What does it do, why Javascript? While Javascript enables some very cool features on many popular benign websites/web applications, it is also commonly used for malicious/irritating reasons. Javascript is a scripting mechanism providing full access to the resources of the web browser on your computer so fancy effects can be achieved. Again - Javascript executes on your computer!

Isn't it sandboxed to the process that the browser is running in though? Yes and no. There have been many cases in which malicious Javascript can execute commands through bugs in the browser directly on your machine - remove files, install programs, install rootkits, SpyWare, keylog, even grab your browser cache and browser stored passwords.

The solution? Javascript blocking software. NoScript - JavaScript/Java/Flash blocker for a safer Firefox experience! - what is it? - InformAction blocks any/all javascript globally and asks you to 'allow' sites that you trust (so you can use Javascript).

Many times it's just the annoying Javascript that you end up blocking - but it is none-the-less annoying Javascript; worth blocking!

If you aren't using Firefox w/ NoScript (and/or AdBlock Plus) you should!

12-29-2008, 01:31 AM	#1 (permalink)
ixmatus Senior Member Join Date: Oct 2007 Location: Vegas Baby! Posts: 162	I've been hacked! I was originally going to post this as a reply post but realized I've seen this issue so many times I decided to make it a thread. Any and all users that browse the web without a script blocker are basically handing every access right for their computer over to the author of the website they are browsing. How is this possible? One word: Javascript. What does it do, why Javascript? While Javascript enables some very cool features on many popular benign websites/web applications, it is also commonly used for malicious/irritating reasons. Javascript is a scripting mechanism providing full access to the resources of the web browser on your computer so fancy effects can be achieved. Again - Javascript *executes* on your computer! Isn't it sandboxed to the process that the browser is running in though? Yes and no. There have been many cases in which malicious Javascript can execute commands through bugs in the browser directly on your machine - remove files, install programs, install rootkits, SpyWare, keylog, even grab your browser cache and browser stored passwords. The solution? Javascript blocking software. NoScript - JavaScript/Java/Flash blocker for a safer Firefox experience! - what is it? - InformAction blocks any/all javascript globally and asks you to 'allow' sites that you trust (so you can use Javascript). Many times it's just the annoying Javascript that you end up blocking - but it is none-the-less annoying Javascript; worth blocking! If you aren't using Firefox w/ NoScript (and/or AdBlock Plus) you should!