New Software

[John Fitzsimons]

I use them on my site, but I suppose you won't miss much with them off.
Altough I noticed lately that the rise in spambots has led many sites to
hide their email addresses using javascript.

< snip >

OR one can encrypt their email link :

http://www.damselsoft.freeservers.com/main2.html#

Regards, John.

--
****************************************************
,-._|\ (A.C.F FAQ) http://clients.net2000.com.au/~johnf/faq.html
/ Oz \ John Fitzsimons - Melbourne, Australia.
\_,--.x/ http://www.aspects.org.au/index.htm
v http://clients.net2000.com.au/~johnf/

 

[Sietse Fliege]

John Fitzsimons wrote:

<A waste of space>

I no longer will dignify your silly contributions in this thread with a
full reply.

End of discussion

 

[Sietse Fliege]

ozzy wrote:

Please checkout some respected sites references:

<snip>

Some respected sites references ?????

Riiiight!

On one of these sites I read the recommendation to do a google search
with the words javascript and dangers.

I followed that : http://www.google.com/search?q=javascript+dangers

I found that *all* the links you provided are on the first two pages of
results.
I'm convinced that all you have done is do the same search and select
the "best" on these pages.

Is that all you have to offer? A google search?
How disappointing, as I hoped to see a connaisseurs top list of
references.

Even more disappointing that all these links are utterly useless with
regards to what you claim.
Some of the links are even completely irrelevant.

I suggest to follow a much more useful link.

Do you know TomCat, of TomCat's Spyware List's fame?
http://www.tom-cat.com/spybase/index.html

He also has this page on the subject of JavaScript:
http://www.tom-cat.com/javascript.html

Recommended!

 

[Alan]

ozzy wrote:



<snip>

Some respected sites references ?????

Is that all you have to offer? A google search?
How disappointing, as I hoped to see a connaisseurs top list of
references.

Even more disappointing that all these links are utterly useless with
regards to what you claim.
Some of the links are even completely irrelevant.

Disappointing result for somebody who's been "coding over 30 yrs" too.
But then again, for an issue that's often blown out of all proportion by
those with little/confused knowledge or a "hidden" agenda[1], it's not
surprising that the available material is decidedly scrappy. That's no
excuse for blindly quoting a bunch of URLs without even screening them
for content though - you don't need *any* expertise to do that. One
wonders how carefully his code is checked before it goes live. I hope I
have more to show for my (almost) 35 years of coding .

[1]The hidden agenda is, of course, often the you-know-who bash. The
laughable part is that the peddlers of the propaganda aren't
knowledgable enough to realise that the evil javascript was a concoction
of Netscape.

 

[Aaron]

On one of these sites I read the recommendation to do a google search
with the words javascript and dangers.

I followed that : http://www.google.com/search?q=javascript+dangers

I found that *all* the links you provided are on the first two pages of
results.
I'm convinced that all you have done is do the same search and select
the "best" on these pages.

Is that all you have to offer? A google search?
How disappointing, as I hoped to see a connaisseurs top list of
references.

Disappointing, Google does so badly. Still it does explain why all the
sites that were presented were mostly old sites. Plus the Site on search
engine optmisation, naturally they rank well in google

I suggest to follow a much more useful link.

Do you know TomCat, of TomCat's Spyware List's fame?
http://www.tom-cat.com/spybase/index.html

He also has this page on the subject of JavaScript:
http://www.tom-cat.com/javascript.html

Much better. This appears to be the crux of the matter

"Fact:
JavaScript cannot read or write local files and cannot open network
connections except within the confines of browser capabilities... and you
are in control of setting those rules!

JavaScript alone is not a threat. The threat comes when JavaScript is
used to execute some "other action" such as placing hostile active
content in the form of an ActiveX Control, Java Class file, or some other
executable content on your computer"

Okay, we are assuming JS works as it is supposed to, in which case, if
you are careful about Java and Activex controls you can be fairly secure.
This is in the ideal world, where everything works as it supposed to.


Unfortunately, many of the exploits/bugs found, can only be executed if
Javascript is on. Still, that's a pretty rare case, I feel the risks of
Javascript is acceptable.

Recommended!

Aaron

 

[Alan]

Alan wrote:

[1]The hidden agenda is, of course, often the you-know-who bash. The
laughable part is that the peddlers of the propaganda aren't
knowledgable enough to realise that the evil javascript was a
concoction of Netscape.

Please re-read my original post & response to yours & Alan's recent
entries. At no time in any of my posts did I 'bash' anyone... either
MS nor Netscape. Nor did intend to project a hidden agenda.

Yes, I can see the possible misinterpretation of my reference to the
bashers/ hidden agenda. I referred to the author of the link you gave:
http://kimihia.org.nz/articles/cookies/activex
as having the (actually fairly obvious ) hidden agenda, in one of my
previous posts. I carried it through to the above without qualification,
hence the possible confusion. I did not intend those remarks be directed
at you.

 

[Alan]

Much better. This appears to be the crux of the matter

"Fact:
JavaScript cannot read or write local files and cannot open network
connections except within the confines of browser capabilities... and
you are in control of setting those rules!

JavaScript alone is not a threat. The threat comes when JavaScript is
used to execute some "other action" such as placing hostile active
content in the form of an ActiveX Control, Java Class file, or some
other executable content on your computer"

Okay, we are assuming JS works as it is supposed to, in which case, if
you are careful about Java and Activex controls you can be fairly
secure. This is in the ideal world, where everything works as it
supposed to.


Unfortunately, many of the exploits/bugs found, can only be executed
if Javascript is on. Still, that's a pretty rare case, I feel the
risks of Javascript is acceptable.

Well sourced Sieste, and well summarised Aaron.
This should settle the matter with FACTS, quite different to the
"information" tendered at the start of the thread.

Another point made by Therese is the annoyance usage of JS. Whilst not
malicious in intent or a security threat, it is (usually) undesirable.
Enter the Proxomitron, and similar pest controllers. Together with the
appropriate clientside security measures mentioned by Aaron, this will
pretty much ensure that JS appears at the client end as an enhancement,
as it was intended, rather than a threat/ pest.

This thread was very worthwhile IMO.

 

[Roger Johansson]

Well sourced Sieste, and well summarised Aaron.
This should settle the matter with FACTS, quite different to the
"information" tendered at the start of the thread.

It also shows the value of having a browser like Opera where you can
disable all the dangerous file formats like active-x, flash, java,
etc.. but leave javascript on to handle all the web sites where it is
used responsibly.

That is what I have done.

It's a pity there is no freeware browser which let us set the default
action of every file format independently like in Opera.

I also use Proxomitron to stop javascript from doing nasty things like
disabling rightclick and other things which cripple my browser or
change it in ways I do not like.

 

[John Fitzsimons]

Well sourced Sieste, and well summarised Aaron.
This should settle the matter with FACTS, quite different to the
"information" tendered at the start of the thread.

< snip >

The "information" at the start of the thread was that I pointed out
that JS could be a danger to people. You now, very reluctantly, seem
to be admitting that this can occur. Why didn'y you check your FACTS ?

Let's look at a fuller quote from that page :

"JavaScript alone is not a threat. The threat comes when JavaScript is
used to execute some "other action" such as placing hostile active
content in the form of an ActiveX Control, Java Class file, or some
other executable content on your computer. These are little programs,
much like plug-ins, that are downloaded to your computer in order to
allow a certain event to take place such as auto-installing a program
or update, or running some visual or interactive effect."

Perhaps with your 30+ years experience in computer matters you can
explain to "newbies" like myself why..

when "auto installing a program" that "program" couldn't be

(A) a trojan ?

or

(B) a virus ?

or

(C) spyware ?

or

(D) a browser highjacker ?

etc. etc.

A visit to newsgroups like alt.privacy.spyware seems to suggest that
auto installing programs are becoming increasingly common. Though
your anti-security/privacy stance might be endangered if you stay
there for too long.

Regards, John.

--
****************************************************
,-._|\ (A.C.F FAQ) http://clients.net2000.com.au/~johnf/faq.html
/ Oz \ John Fitzsimons - Melbourne, Australia.
\_,--.x/ http://www.aspects.org.au/index.htm
v http://clients.net2000.com.au/~johnf/