Re: Could this virus exploit end up embedded ...
by "Cyanide _7" <leo7278(at)hotmail.com>
|
| Date: |
Sun, 07 May 2000 22:23:54 CDT |
| To: |
nd264(at)nyu.edu |
| Cc: |
hwg-languages(at)hwg.org |
| |
todo: View
Thread,
Original
|
|
just curious, what actions would the viewer have to take for such a script
to maliciously attack the client machine? merely viewing? downloadig? i
thought such scripting languages required permission to access the client
machine. also, why has this never been an issue until now?!? - Cyanide_7
>
>Yes. VERY easily (if you are familiar with visual basic scripting).
>
> Browsers affected? All that support client-side scripting, ActiveX
>controls, and any type of script that has anything to do with accessing a
>user's computer (this includes JavaScript and cookies... believe it or
>not... also one needs to be an 'expert' to make it function correctly).
>
> The likelihood of being embedded? Not on reputable sites... but on
>personal websites designed by students or novices (no offense anyone), I
>would be careful.
> Again, software at risk... anything that executes scripts: Web
>browsers,
>OSes... everything is always at risk, so I wouldn't expect better answers
>for this question.
> Turned off other way? NOPE! :o)
>
>Yours,
> Nasser Dassi
>
>----- Original Message -----
>From: KathyW <kathyw(at)home.albury.net.au>
>To: <hwg-languages(at)hwg.org>
>Sent: Sunday, May 07, 2000 8:25 PM
>Subject: Could this virus exploit end up embedded ...
>
>
> > ... in a web page?
> >
> > Being one who has avoided m$ proprietary formats for a looooong time, I
>don't
> > know enough about how they work/can be used to say yay or nay but could
>this
> > recent vbx (or is it vbs - I hear conflicting reports) script end up
>embedded in
> > web pages, and if so, would it only affect browsers that supported vbx/s
>(IE and
> > it's 'clones')?
> >
> > Javascript is heavilly sand-boxed, as is java (my two preferred
>technologies).
> > If vbx/s could be so exploited/exploitable, how has this situation been
>allowed
> > to develop? Every time a new javascript or java exploit is found it gets
>jumped
> > on and plugged up big time.
> >
> > Anyway, what I'd really like to know is
> > a) does the risk exist that the latest round of exploits are
>possible/likely to
> > end up embedded in web pages and if so
> > b) who or what software is at risk and
> > c) can this type of scripting be turned off without disabling javascript
>as
> > well in those browsers?
> >
> > KathyW.
> >
> > Red Hat Linux 6.1 (kernel 2.2.14)
> > Sun JDK1.2.2
> > PolarBarMailer16b (beta/alpha ... what the heck, I like it ;-)
> >
>
________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
HWG: hwg-languages mailing list archives,
maintained by Webmasters @ IWA