User: Password:
|
|
Subscribe / Log in / New account

Another good reason to disable JavaScript

Another good reason to disable JavaScript

Posted Sep 18, 2009 4:01 UTC (Fri) by njs (guest, #40338)
In reply to: Another good reason to disable JavaScript by Cato
Parent article: All the malware that's fit to print

The malware itself is not hosted on nytimes.com, but the javascript that loads it is. A quick look at the current source for the nytimes.com frontpage shows what's clearly some code provided by a 3rd party and then pasted into the source. The one I see uses document.write to insert a <script> tag pointing at a 3rd party page, but it could just as well fetch the source code and call eval() to really get around any javascript security limitations.

Of course, they won't bother because malware writers are after the general population, and the general population doesn't write site-by-site javascript security rules. Of course, if you're willing to rely on that fact, then there's no much point in worrying in the first place, because the general population doesn't run Linux and most (though not all) malware that breaks security through technical means is going to rely on some windows-specific stack-smashing code.

Sort of fascinating actually how much info they include in the source, actually -- search for "ADXINFO".


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds