Posted by Peter on 10/10/63 11:20

On Sun, 03 Jul 2005 13:01:39 -0700, in alt.2600 Onideus Mad
Hatter <usenet@backpassage-productions.net> quoth:

>On Sun, 03 Jul 2005 19:14:52 +0100, Peter <peter_hood@ausi.com> wrote:
>
>>It would be helpful if you thought before posting your
>>misguided 'thoughts'.
>
>Oh is that so? No offense kiddo...but it's like you just ASKED to get
>verbally beaten into the fuckin wall.
>
>>Mozilla and Netscape JavaScript Bugs Compromise Privacy and
>>Security:
>>
>>http://mozillaquest.com/Mozilla-02/Mozilla_JS_Referer_Bug_145579_Story01.html
>
>"While we were working on this story, Mozilla Bug #145579 was fixed in
>the daily/nightly Mozilla development builds."
>
>And hrmmm...that was back in 2002...ya fuckin idiot!


Fool; it is not the Java security fix that you need to worry
about, it is the one that you have not heard about. This is
one of the abiding assumptions behind my firewall and
privacy software, and it is an underpinning principle in the
anti virus software that I use - which scans all web
material - and behind the registry protection software that
I use. Moreover, you didn't address all of the points in all
of the URLs, including those in the meta URL.

Must I do all of your thinking for you? I guess so.

Here, read on in that very same article:

>In the Mozilla and Netscape browsers, JavaScript is mostly
>an all or none deal. However, in Microsoft Internet Explorer
>(MSIE) and MSIE-based browsers, you can set JavaScript to
>off, on, or ask before allowing a JavaScript to run. Please
>see Figure 1.

Now, why do you think that they go on to discuss this, and
why do you think that Microsoft refer to scripting - in the
"custom scripting security settings" as "potentially risky"?

Perhaps you need further confirmation of why you don't know
better, as much as you would like the world to believe
otherwise:

http://www.devarticles.com/c/a/JavaScript/JavaScript-Security/

>JavaScript Security
>( Page 1 of 9 )
>
>JavaScript has a long and inglorious history of atrocious
>security holes. Its security problems are not limited to
>implementation errors. There are numerous ways in which
>scripts can affect the user’s execution environment without
>violating any security policies. This chapter examines the
>security policies browsers enforce on JavaScript embedded
>in Web pages. (From JavaScript: The Complete Reference,
>second edition, by Thomas Powell and Fritz Schneider
>McGraw-Hill/Osborne, ISBN: 0072253576.)

Yeah, I know that you will snip and run Hattums, but that's
par for the course.

Since you are so easily satisfied it is small wonder that
you have failed to complete your education, and that you
stay up so late glued to your PC carrying out pointless
exercises in stupidity.

If you had half a clue about security, you'd not have made
the comments that you did about .jpg files, in the face of
recent events:

http://www.f-secure.com/v-descs/ms04-028.shtml



>>http://snipurl.com/sillyhattums
>
>CERT Advisory CA-1997-20 JavaScript Vulnerability
>Not applicable to current browsers, it hasn't worked since IE 4 fer
>fuck sake!
>
>US-CERT Vulnerability Note VU#184820
>"Adobe Acrobat contains a vulnerability in"
>Doesn't apply to web browsers, Kiddo.
>
>US-CERT Vulnerability Note VU#534710
>Only affects Mozilla/Firefox and it was resolved in ver 1.0.4 of
>Firefox 1.0.4 and 1.7.8 of Mozilla
>
>US-CERT Vulnerability Note VU#973309
>Exactly the same as before, only Mozzilla/Firefox and it's already
>been patched.
>
>US-CERT Vulnerability Note VU#648758
>Only affects Firefox and it's already been patched.
>
>US-CERT Vulnerability Note VU#255915
>Only affects older version of this "WebBoard" proggie.
>
>US-CERT Vulnerability Note VU#270083
>Only affects the IBM VisualAge Professional Vesion 3.5 Java Servlet
>Container, they're up to version 4.0 though so they never bothered to
>patch the outdated one.
>
>Sweet baby Jesus nailed to a cross, Petey boi, did you even bother to
>READ any of these? Holy fuckin keeristmas!

Yes I did, but you clearly did not:

http://www.cert.org/current/archive/2004/08/25/archive.html

>This activity is another example of why end users
>must exercise caution when JavaScript is enabled
>in their web browser. Disabling JavaScript will
>prevent this activity from affecting an end-user's
>system, but may also degrade the appearance and
>functionality of some web sites that rely upon
>JavaScript. US-CERT recommends that end-users
>disable JavaScript unless it is absolutely
>necessary. Users should be aware that any web
>site, even those that may be trusted by the
>user, may be affected by this activity and
>thus contain potentially malicious code

Note; this is a recommendation for standard security
precautions, the implication clearly is that more exploits
will be revealed and used.

>>IIS 5 Web Server Compromises:
>>
>>http://www.cert.org/current/archive/2004/07/08/archive.html
>
>A year out of date and it's already been patched...is that ALL you've
>got? A patched compromise for an out of date version of IE? You're
>running "privacy" software to protect you from something that's
>already been patched on a version that you're probably not even using?
>
>WOAH...boy you sure put the DUH in DUHMB!

Not at all; you are steadily beginning to show that you are
devoid of any sense of online security, that you lack common
sense, that you don't read and that you are very silly, Baby
Matthew.

> --
>
>Onideus Mad Hatter
>mhm ¹ x ¹
>http://www.backpassage-productions.net

--
Peter
Mine is my freedom
you take I'll defy

laugh 'til I'm tired
sing 'til I'm dry

'cos life is a moment
you pass with a sigh

never comes back sure
as yesterday's bye....

<From "In my own time", by Family>

[Back to original message]