flat assembler
Message board for the users of flat assembler.
 Home   FAQ   Search   Register 
 Profile   Log in to check your private messages   Log in 
flat assembler > Heap > Why we should always disable JS (and flash)

Goto page Previous  1, 2, 3, 4, 5, 6, 7
Author
Thread Post new topic Reply to topic
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 14794
Location: Lost in translation
JS can jump both sandboxes and VMs. And it only takes one rogue/hacked website to do it. You can't trust JS. Ever. You never know what is being sent to your browser.

Even "trusted" websites become untrusted when your connection has been intercepted. And not just nation states can intercept your connection. Hotel WiFi is notorious for breaking TLS. Many large buildings have their own connection infrastructure. Many offices, businesses, universities and schools will connect you in their own way. And it only takes one bad node in any of the chain of boxes and now your computer has become part of a botnet.
Post 24 Mar 2017, 08:44
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 14794
Location: Lost in translation
http://www.theregister.co.uk/2017/04/01/invisible_bitcoin_paywall/

Quote:
HTML5 offers a feature called “Web Workers” that lets web pages run JavaScript in the background of web pages. Those scripts have nothing to do with the user interface and can be invisible to users, other than the fact they consume some processor cycles.

The Register has used Web Workers to create a distributed bitcoin mining operation.

Yay, let's allow all websites to steal our CPU cycles. Because of course doing work for remote websites is much more important than anything you might be doing. Rolling Eyes
Post 03 Apr 2017, 02:02
View user's profile Send private message Visit poster's website Reply with quote
Furs



Joined: 04 Mar 2016
Posts: 359
Well what you say is correct in principle, but that is just April's Fools Laughing (because otherwise they'd keep their mouths shut)
Post 03 Apr 2017, 10:57
View user's profile Send private message Reply with quote
YONG



Joined: 16 Mar 2005
Posts: 7267
Location: 22° 15' N | 114° 10' E

Furs wrote:
... but that is just April's Fools Laughing

The mod who always tries to trick other forum members into visiting his/her fake website got fooled! Laughing

Reminds me of this word: comeuppance.

Wink
Post 03 Apr 2017, 11:11
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 14794
Location: Lost in translation

YONG wrote:

Furs wrote:
... but that is just April's Fools Laughing

The mod who always tries to trick other forum members into visiting his/her fake website got fooled!

I already knew I am not perfect. So confirmation of such things is good. Smile
Post 03 Apr 2017, 14:14
View user's profile Send private message Visit poster's website Reply with quote
TmX



Joined: 02 Mar 2006
Posts: 781
Location: Jakarta, Indonesia
A day without Javascript

Hmm that means no Youtube, no Google mail, no Google maps, etc
Let's see if can survive a day without it Smile
Post 07 Jun 2017, 13:24
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 14794
Location: Lost in translation
I can use Youtube (with a browser extension) and gmail, but google maps doesn't work. There are alternative video, mail and mapping sites though, Google doesn't own the Internet.

TmX: Enjoy.
Post 07 Jun 2017, 13:30
View user's profile Send private message Visit poster's website Reply with quote
YONG



Joined: 16 Mar 2005
Posts: 7267
Location: 22° 15' N | 114° 10' E

TmX wrote:
A day without Javascript

Hmm that means no Youtube, no Google mail, no Google maps, etc
Let's see if can survive a day without it Smile

I seldom use Google maps; HERE maps, provided by Windows Phone, is much better.

YouTube is mainly for entertainment. I can live without it.

Gmail is a must for me, unfortunately.

Wink
Post 08 Jun 2017, 02:13
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 14794
Location: Lost in translation
https://securelist.com/78588/50-hashes-per-hour/

Quote:
... Java Script initiates the redirecting of web requests to a malicious local web page.

The attack fails if JS is not run. So if you want to help out the attackers then make sure to have JS available.
Post 10 Jun 2017, 00:06
View user's profile Send private message Visit poster's website Reply with quote
Furs



Joined: 04 Mar 2016
Posts: 359
I lol'd at "We bet you leave it on so you don’t have to wait until it boots up in the morning." Facepalm at humanity.
Post 10 Jun 2017, 11:49
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 14794
Location: Lost in translation
Let's all help Facebook to control us. I'm sure we can trust Facebook to have our best interests as a first priority. There can't be any profit motive here at all:

http://www.independent.co.uk/life-style/gadgets-and-tech/news/facebook-plans-to-watch-users-through-webcams-spy-patent-application-social-media-a7779711.html wrote:
Facebook is considering secretly watching and recording users through their webcams and smartphone cameras, a newly discovered patent suggests.

The document explains how the company would use technology to see how your facial expressions change when you come across different types of content on the site.

It would analyse those images to work out how you feel, and use the information to keep you on the site for longer.

It would be a shame if anyone decided to visit with JS disabled. That would be bad for Facebook. Sad

Very Happy


Last edited by revolution on 17 Jun 2017, 17:26; edited 1 time in total
Post 17 Jun 2017, 16:52
View user's profile Send private message Visit poster's website Reply with quote
Furs



Joined: 04 Mar 2016
Posts: 359
JS has access to your webcam secretly? What a monstrosity browser "feature" Confused

(also, best to not have a webcam too Wink if you're on a PC)
Post 17 Jun 2017, 17:24
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 14794
Location: Lost in translation
I unplug the camera at the source on my laptops. The microphone also, although often mics are soldered in so they get a bit of the heat treatment instead.

Sometimes people ask me why I don't have some tape over my lens ...
Post 17 Jun 2017, 17:30
View user's profile Send private message Visit poster's website Reply with quote
YONG



Joined: 16 Mar 2005
Posts: 7267
Location: 22° 15' N | 114° 10' E

Furs wrote:
JS has access to your webcam secretly? What a monstrosity browser "feature" Confused

Whenever the webcam is in use, the LED beside it will light up. Well, some older laptops may not have such an LED. Anyway.

Wink
Post 18 Jun 2017, 02:27
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 14794
Location: Lost in translation
The LED is controlled by software though. Sometimes there is a delay before it comes on. Perhaps the camera can be activated briefly to capture an image and deactivated again while the LED remains dark?
Post 18 Jun 2017, 02:45
View user's profile Send private message Visit poster's website Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 6519
Location: ˛                              ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣ Posts: 6699
i stick a label on top of my laptop camera, i rarely use camera,
whenever i put my hand phone, i will cover it with something else at the camera part, Embarassed

i prefer they build those phone with sliding cover, i open it when i want to use it, simple, Laughing
Post 18 Jun 2017, 12:30
View user's profile Send private message Reply with quote
YONG



Joined: 16 Mar 2005
Posts: 7267
Location: 22° 15' N | 114° 10' E

sleepsleep wrote:
i prefer they build those phone with sliding cover, i open it when i want to use it, simple, Laughing

My old ASUS laptop actually has such a sliding cover for its camera. Besides, it has a removable battery pack (that probably uses those 18650 cells)!

Wink
Post 19 Jun 2017, 02:10
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page Previous  1, 2, 3, 4, 5, 6, 7

< Last Thread | Next Thread >

Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2005 phpBB Group.

Main index   Download   Documentation   Examples   Message board
Copyright © 2004-2016, Tomasz Grysztar.