flat assembler
Message board for the users of flat assembler.
 Home   FAQ   Search   Register 
 Profile   Log in to check your private messages   Log in 
flat assembler > Heap > Why we should always disable JS (and flash)

Goto page Previous  1, 2, 3, 4, 5, 6
Author
Thread Post new topic Reply to topic
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 14388
Location: TRAPPIST-1
Install a VPN and make your security worse.

Most of the problems can be solved by disabling JS.

https://arstechnica.com/security/2017/01/majority-of-android-vpns-cant-be-trusted-to-make-users-more-secure/

Quote:
Two of the apps injected JavaScript code that delivered ads and tracked user behavior. JavaScript is a powerful programming language that can easily be used maliciously


Quote:
Of the 67 percent of VPN products that specifically listed enhanced privacy as a benefit, 75 percent of them used third-party tracking libraries to monitor users' online activities.



Last edited by revolution on 15 Feb 2017, 09:04; edited 1 time in total
Post 29 Jan 2017, 00:40
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 14388
Location: TRAPPIST-1
So no surprise to anyone here but as usual yet another JS problem:

https://www.theregister.co.uk/2017/02/05/chrome_56_quietly_added_bluetooth_snitch_api/ wrote:
“The Web Bluetooth API uses the GATT [Generic Attribute Profile – ed.] protocol, which enables your app to connect to devices such as light bulbs, toys, heart-rate monitors, LED displays and more, with just a few lines of JavaScript.”

Websites should be given more power and control over our computers and be able to grab whatever they want. Who are we to try and stand in the way of progress? [/sarcasm] Rolling Eyes
Post 09 Feb 2017, 08:50
View user's profile Send private message Visit poster's website Reply with quote
Jerry



Joined: 24 Dec 2016
Posts: 18
Location: Zeist, Netherlands
Post 15 Feb 2017, 06:24
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 6208
http://thehackernews.com/2017/02/bypass-aslr-browser-javascript.html

Quote:
According to the team, the only way you can protect yourself against AnC attacks is to enable plug-ins, such as NoScript for Firefox or ScriptSafe for Chrome, to block untrusted JavaScript code on web pages from running in the browser.



or maybe surf inside virtualbox, vmware, esx or etc container, or stop using browser?
Post 17 Feb 2017, 15:15
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 14388
Location: TRAPPIST-1
But how to define "untrusted JavaScript code"?

My definition: Anything that comes from an external source out of your control cannot be trusted. And anything that comes from an internal source within your contrl that might be subject to malware/APT/etc. should also be considered untrusted. So that would cover pretty much everything connected to the Internet.
Post 17 Feb 2017, 15:54
View user's profile Send private message Visit poster's website Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 6208

revolution wrote:

But how to define "untrusted JavaScript code"?


those domain that you never heard before,

my whitelist would be, etc microsoft, google, (no choice, we got to trust them) then expand whitelist from what they trust,


revolution wrote:

My definition: Anything that comes from an external source out of your control cannot be trusted. And anything that comes from an internal source within your contrl that might be subject to malware/APT/etc. should also be considered untrusted. So that would cover pretty much everything connected to the Internet.


a definition like that will most probably, end up with total seclusion from others in physical,
Post 18 Feb 2017, 03:59
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 14388
Location: TRAPPIST-1
Well, like I said in the title, disable JS. You can't trust anything.

And BTW: We do have a choice, I don't allow google or MS to run scripts, and my system still works just fine.
Post 18 Feb 2017, 12:39
View user's profile Send private message Visit poster's website Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 6208
well, disable js will disable the following:
- online banking,
- web based email
- online shopping websites,
- government services websites,
- and much more,

might be as well, stop using internet and de-subsribe data package?
Post 18 Feb 2017, 13:05
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 14388
Location: TRAPPIST-1
sleepsleep, sorry but you are wrong on all those counts. I can do all of the above in your list without JS.
Post 18 Feb 2017, 13:07
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page Previous  1, 2, 3, 4, 5, 6

< Last Thread | Next Thread >

Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2005 phpBB Group.

Main index   Download   Documentation   Examples   Message board
Copyright © 2004-2016, Tomasz Grysztar.