linuxaudio.org

--0016e64bdb7a172bdd04ae422d96

Content-Type: text/plain; charset=ISO-8859-1
David
Thanks for that.  I have done a little research and I am not sure that all

of the things you mention are as risky as you suggest.  The OS you are using

does make a difference, as I understand it, because the JS exploit will be

downloading the malicious executable from a web site rather than actually

carrying out the exploit itself.  Also, the malicious JS will need to

exploit a browser vulnerability - so if you keep you browser up to date

there should not be much risk; the malware writers find the vulnerabilities

from the browser authors when they plug the holes and issue and update.
Anyway, this is off topic really, I apologise and you're right there is a

risk.  But I am happy to continue with JavaScript enabled on my computers.
Tony
On 1 October 2011 20:44, david  wrote:
> Your OS makes no difference: malicious Javascript uses the browser as its

quoted text
> platform, not the OS.

>

> It's possible to Javascript to turn your browser session into a bot; it's

> possible to use Javascript to probe networks hidden behind routers and

> firewalls, identify targets and route target-specific attacks to those

> targets; it's possible for Javascript to capture login IDs and passwords.

>

> It's possible to use Javascript to track what sites you go to and what you

> do there - which is why Google says its OK to run Javascript. Their Google

> Analytics tool requires Javascript. So if someone has Javascript turned off,

> Google doesn't get any tracking information to use and sell to their paying

> customers.

>

> There's no need to require Javascript for site navigation.

>

> Tony Austin wrote:

>

>> Is JavaScript so bad?  Why turn it off?  I am happy to have it on all the

>> time and the worries are much less under Linux.  It's not Java or ActiveX

>> after all.

>>

>> On 1 October 2011 10:34, Arve Barsnes wrote:

>>

>>

>>    On 1 October 2011 08:53, Lorenzo Sutton wrote:

>>     > On 10/01/2011 04:14 AM, Ken Restivo wrote:

>>     >>

>>     >> On Sat, Oct 01, 2011 at 03:00:02AM +0200, Peter Crighton wrote:

>>     >>>

>>     >>> Hello list,

>>     >>> I just wanted to let you know that I started a new blog about

>>     >>> Recording on Linux: http://linux-recording.**blogspot.com/

>>     >>> The first entry (well, not counting the introduction here) is

>> about

>>     >>> using the Analogue Drums Big Mono drumkit with Hydrogen. Let me

>>    know

>>     >>> what you think about the blog, any constructive criticism is much

>>     >>> appreciated!

>>     >>>

>>     >>

>>     >> *sigh*, Google, doesn't anyone use HTML anymore?

>>     >>

>>     >> This is what that website looks like with JavaScript turned off:

>>     >>

>>     >> http://storage.restivo.org/**misc/blogger.jpg

>>     >>

>>     >> I'm sure it's a fantastic blog, but, I dunno what Google has

>>    done to it.

>>     >

>>     > If truth be told it seems a problem with this particular blog

>>    (which by the

>>     > way seems a very cool idea ;) - other blogspot blogs seem to work

>>    with

>>     > JavaScript turned off.

>>     >

>>     > I'm not a blogger user so I'm not sure what google puts in when

>>    you create a

>>     > blog and what it leaves to the user. Maybe, the massive use of

>>    JavaScript

>>     > comes in for recently created ones?

>>     >

>>     > That said. Yes it seems that google is pushing more and more for

>>    the use of

>>     > JavaScript see e.g.

>>     >

>>    http://googlesystem.blogspot.**com/2007/05/no-javascript-no-**

>> google-navigation.html

>>     >

>>    It seems that, without allowing javascript from blogblog.com

>>     this

>>

>>    particular blog doesn't work at all. Is that also owned by Google?

>>

>>    Arve

>>

>

> --

> David

> gnome@hawaii.rr.com

> authenticity, honesty, community

>

> ______________________________**_________________

> Linux-audio-user mailing list

> Linux-audio-user@lists.**linuxaudio.org

> http://lists.linuxaudio.org/**listinfo/linux-audio-user

>

--0016e64bdb7a172bdd04ae422d96

Content-Type: text/html; charset=ISO-8859-1

Content-Transfer-Encoding: quoted-printable
DavidThanks for that.=A0 I have done a little research and I am not=

 sure that all of the things you mention are as risky as you suggest.=A0 Th=

e OS you are using does make a difference, as I understand it, because the =

JS exploit will be downloading the malicious executable from a web site rat=

her than actually carrying out the exploit itself.=A0 Also, the malicious J=

S will need to exploit a browser vulnerability - so if you keep you browser=

 up to date there should not be much risk; the malware writers find the vul=

nerabilities from the browser authors when they plug the holes and issue an=

d update.

Anyway, this is off topic really, I apologise and you're right ther=

e is a risk.=A0 But I am happy to continue with JavaScript enabled on my co=

mputers.TonyOn 1 October 2011 20=

:44, david <gno=

me@hawaii.rr.com> wrote:

Your OS makes no difference: malicious Java=

script uses the browser as its platform, not the OS.
It's possible to Javascript to turn your browser session into a bot; it=

's possible to use Javascript to probe networks hidden behind routers a=

nd firewalls, identify targets and route target-specific attacks to those t=

argets; it's possible for Javascript to capture login IDs and passwords=

.
It's possible to use Javascript to track what sites you go to and what =

you do there - which is why Google says its OK to run Javascript. Their Goo=

gle Analytics tool requires Javascript. So if someone has Javascript turned=

 off, Google doesn't get any tracking information to use and sell to th=

eir paying customers.
There's no need to require Javascript for site navigation.
Tony Austin wrote:
Is JavaScript so bad? =A0Why turn it off? =A0I am happy to have it on all t=

he time and the worries are much less under Linux. =A0It's not Java or =

ActiveX after all.
On 1 October 2011 10:34, Arve Barsnes wrote:
 =A0 =A0On 1 October 2011 08:53, Lorenzo Sutton wrote:

 =A0 =A0 > On 10/01/2011 04:14 AM, Ken Restivo wrote:

 =A0 =A0 >>

 =A0 =A0 >> On Sat, Oct 01, 2011 at 03:00:02AM +0200, Peter Crighton =

wrote:

 =A0 =A0 >>>

 =A0 =A0 >>> Hello list,

 =A0 =A0 >>> I just wanted to let you know that I started a new bl=

og about

 =A0 =A0 >>> Recording on Linux: http://linux-recording.blogspot.co=

m/

 =A0 =A0 >>> The first entry (well, not counting the introduction =

here) is about

 =A0 =A0 >>> using the Analogue Drums Big Mono drumkit with Hydrog=

en. Let me

 =A0 =A0know

 =A0 =A0 >>> what you think about the blog, any constructive criti=

cism is much

 =A0 =A0 >>> appreciated!

 =A0 =A0 >>>

 =A0 =A0 >>

 =A0 =A0 >> *sigh*, Google, doesn't anyone use HTML anymore?

 =A0 =A0 >>

 =A0 =A0 >> This is what that website looks like with JavaScript turn=

ed off:

 =A0 =A0 >>

 =A0 =A0 >> http://storage.restivo.org/misc/blogger.jpg

 =A0 =A0 >>

 =A0 =A0 >> I'm sure it's a fantastic blog, but, I dunno what=

 Google has

 =A0 =A0done to it.

 =A0 =A0 >

 =A0 =A0 > If truth be told it seems a problem with this particular blog=
 =A0 =A0(which by the

 =A0 =A0 > way seems a very cool idea ;) - other blogspot blogs seem to =

work

 =A0 =A0with

 =A0 =A0 > JavaScript turned off.

 =A0 =A0 >

 =A0 =A0 > I'm not a blogger user so I'm not sure what google pu=

ts in when

 =A0 =A0you create a

 =A0 =A0 > blog and what it leaves to the user. Maybe, the massive use o=

f

 =A0 =A0JavaScript

 =A0 =A0 > comes in for recently created ones?

 =A0 =A0 >

 =A0 =A0 > That said. Yes it seems that google is pushing more and more =

for

 =A0 =A0the use of

 =A0 =A0 > JavaScript see e.g.

 =A0 =A0 >

 =A0 =A0http://googlesystem.blogspot.com/2007/05/no-javascript-no-google-navigation.html

 =A0 =A0 >

 =A0 =A0It seems that, without allowing javascript from blogblog.com

 =A0 =A0<http://blogbl=

og.com> this

 =A0 =A0particular blog doesn't work at all. Is that also owned by Goog=

le?
 =A0 =A0Arve
--

David

gnome@hawaii.rr.co=

m

authenticity, honesty, community

_______________________________________________

Linux-audio-user mailing list

=

Linux-audio-user@lists.linuxaudio.org

http://lists.linuxaudio.org/listinfo/linux-audio-user
--0016e64bdb7a172bdd04ae422d96--