Marko Vojinovic wrote:
> So my advice to you is to just drop the subject. If you don't trust
> javascript yourself, you are welcome to disable it or use no-script.
> But please don't try to convince the whole world that there is a
> major security hole in it, because there isn't, and people will
>
JD writes:
At the very least, javascript should be blocked just because
it is invasive!
And you were told, several times, how to block javascript.
Have you already blocked Javascript from being executed in your browser, as
I and others have told you to do?
pgpd7JpP03Szk.pgp
Description:
On Sat, 2011-07-02 at 16:45 -0700, JD wrote:
> On 07/02/2011 01:07 PM, Craig White wrote:
> > On Fri, 2011-07-01 at 21:14 -0700, JD wrote:
> >
> >> You are right.
> >> It turns out it does it via the intruder which the whole
> >> world was deceived by Sun that it only plays in a sandbox
> >> and ha
On Sunday 03 July 2011 06:40:21 JD wrote:
> Well, javascript is known to be "craftable" to do evil.
> I am sure you have already seen the links I sent.
You know, I can provide you with a whole bunch of links on the net about
people being abducted by aliens and experimented on. Does that mean that
On 07/03/2011 01:45 AM, JD wrote:
> On 07/02/2011 01:07 PM, Craig White wrote:
>> On Fri, 2011-07-01 at 21:14 -0700, JD wrote:
>>
>>> You are right.
>>> It turns out it does it via the intruder which the whole
>>> world was deceived by Sun that it only plays in a sandbox
>>> and has no access to an
On 02/07/11 05:14, JD wrote:
> You are right.
> It turns out it does it via the intruder which the whole
> world was deceived by Sun
Javascript, Sun?
that it only plays in a sandbox
> and has no access to anything outside that sandbox: Javascript.
I have js enabled on all web boxes,
no leaks
t use JS a leave the wolrd in peace
Original-Nachricht ----
Betreff: Fedora Security and the Uverse 3800HGV-B router
Datum: Fri, 01 Jul 2011 20:45:53 -0700
Von: JD
Antwort an: Community support for Fedora users
An: Community support for Fedora users
I am writing this message wi
On 07/02/2011 10:13 PM, Joe Zeff wrote:
> On 07/02/2011 09:40 PM, JD wrote:
>> Actually, no.
>> I mean drugs that will kill you even when you take them
>> as Rx'ed!
>> I am sure you have heard the TV/Radio ads for some drugs??
>> Many state that death is a possible side effect
> Not to pick a nit,
On 07/02/2011 09:40 PM, JD wrote:
> Actually, no.
> I mean drugs that will kill you even when you take them
> as Rx'ed!
> I am sure you have heard the TV/Radio ads for some drugs??
> Many state that death is a possible side effect
Not to pick a nit, but if you take a drug, such as penicillin, and
On 07/02/2011 09:21 PM, Ed Greshko wrote:
> On 07/03/2011 11:59 AM, JD wrote:
>> Taking this offline -
>> with noscript, all are blocked by default - no whitelist.
>> I temporarily unblock specific sites that I do business with.
> OK.
>
> But just a request, from me at least. Could you make a note
On 07/02/2011 09:12 PM, Joe Zeff wrote:
> On 07/02/2011 08:32 PM, JD wrote:
>> It is all based on vested interests who stand to profit from something
>> that is pushed and marketed as safe. Like so many drug companies
>> that pushed and still push drugs with deadly side effects.
> You mean like ins
On 07/03/2011 11:59 AM, JD wrote:
> Taking this offline -
> with noscript, all are blocked by default - no whitelist.
> I temporarily unblock specific sites that I do business with.
OK.
But just a request, from me at least. Could you make a note somewhere
for yourself that you've disabled javasc
On 07/02/2011 08:32 PM, JD wrote:
> It is all based on vested interests who stand to profit from something
> that is pushed and marketed as safe. Like so many drug companies
> that pushed and still push drugs with deadly side effects.
You mean like insulin? It can be deadly, you know, if you take
On Sunday 03 July 2011 00:39:28 JD wrote:
> On 07/02/2011 10:39 AM, Marko Vojinovic wrote:
> > On Saturday 02 July 2011 15:50:18 JD wrote:
> >> If a javascript can browse all accessible files, what's there
> >> to prevent someone from writing a javascript to spawn
> >> a process to upload your file
On 07/02/2011 08:51 PM, Dave Stevens wrote:
> so.have you blocked it?
>
> d
>
Taking this offline -
with noscript, all are blocked by default - no whitelist.
I temporarily unblock specific sites that I do business with.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or c
On 07/03/2011 11:32 AM, JD wrote:
> At the very least, javascript should be blocked just because
> it is invasive!
That is the conclusion you've reached for yourself based on your
knowledge of the subject matter.
So, by all means, disable javascript in your browser. Also, you'll need
to do it in
Quoting JD :
> On 07/02/2011 06:40 PM, Joe Zeff wrote:
>> On 07/02/2011 05:48 PM, JD wrote:
>>> I do understand why you are so shrill in defending
>>> javascript, and resorting to cussing and name calling.
>>> Apparently it is your bread and butter :)
>> JD, if one or two people here were insistin
On 07/02/2011 06:40 PM, Joe Zeff wrote:
> On 07/02/2011 05:48 PM, JD wrote:
>> I do understand why you are so shrill in defending
>> javascript, and resorting to cussing and name calling.
>> Apparently it is your bread and butter :)
> JD, if one or two people here were insisting that you're wrong,
On 07/02/2011 08:07 PM, JD wrote:
> Just as the article mentions.
> That "troubling history" of security holes in javascript
> is in and of itself a much stronger conviction of wrongdoing
> than I have provided. Calling it "bugs" is laughable at best.
The page itself says that it was created on 20
On 07/02/2011 06:35 PM, Reindl Harald wrote:
>
> Am 03.07.2011 03:31, schrieb JD:
>
>>> so what will you tell us?
>>> that you are a noob and picking some documents you do not understand?
>>> everybody here has realized this long ago!
>>>
>> And you ignore:
>> "...JavaScript has a more troubling hi
On 07/03/2011 09:48 AM, Sam Varshavchik wrote:
> JD writes:
>
>> I sent a reply to Ed. Read that one.
>
> I've read what you wrote. Now, why don't you just solve your problem
> turn off Javascript in Firefox, and move on with your life.
>
>
I still wonder how he has convinced himself that somehow
On 7/2/2011 7:28 PM, Tom H wrote:
> On Sat, Jul 2, 2011 at 10:18 PM, Mark C. Allman wrote:
>> I read a few of the e-mails in this thread and that's all I needed to
>> see. I think it's time for the list moderator to step in and call it a
>> draw.
> A draw?!
>
> If you ignore the harsh language, t
On Sat, Jul 2, 2011 at 10:18 PM, Mark C. Allman wrote:
>
> I read a few of the e-mails in this thread and that's all I needed to
> see. I think it's time for the list moderator to step in and call it a
> draw.
A draw?!
If you ignore the harsh language, the OP's saying "the earth is flat"
no mat
On 07/02/2011 06:53 PM, Reindl Harald wrote:
> sorry, but i can not resist answer this way to people
> who are showing over hours that they are dumb noobs and
> believing they have understand the whole world and
> all others out there are failing
Can you at least resist the temptation to do it in
I read a few of the e-mails in this thread and that's all I needed to
see. I think it's time for the list moderator to step in and call it a
draw.
--
Mark C. Allman, PMP, CSM
Allman Professional Consulting, Inc.
First Vice-President, Ocean State PMI
www.allmanpc.com, 617-947-4263
Follow allman
On 07/03/2011 09:35 AM, Reindl Harald wrote:
>
> Am 03.07.2011 03:31, schrieb JD:
>
>>> so what will you tell us?
>>> that you are a noob and picking some documents you do not understand?
>>> everybody here has realized this long ago!
>>>
>> And you ignore:
>> "...JavaScript has a more troubling hi
On 7/2/2011 6:44 PM, Chris wrote:
> Keep the language clean. I hope the moderator is watching
It is time to ask, not hope, that moderator is watching ... this is one
of the uglier dialogues I've seen
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options
Am 03.07.2011 03:51, schrieb JD:
> On 07/02/2011 06:26 PM, Reindl Harald wrote:
>>
>> Am 03.07.2011 03:23, schrieb JD:
>>
>>> You missed the import of what I was saying...
>>> that a javascript pushed by a website,
>>> forced on my browser to execute on my machine
>>> is in and of itself a violat
On 07/02/2011 06:26 PM, Reindl Harald wrote:
>
> Am 03.07.2011 03:23, schrieb JD:
>
>> You missed the import of what I was saying...
>> that a javascript pushed by a website,
>> forced on my browser to execute on my machine
>> is in and of itself a violation of privacy and security.
>> Furthermore,
JD writes:
You missed the import of what I was saying...
that a javascript pushed by a website,
forced on my browser to execute on my machine
is in and of itself a violation of privacy and security.
Ok, understood.
In Firefox, there's a setting to disable Javascript. Switch it off. Problem
so
9:26:56 PM
> Subject: Re: Fedora Security and the Uverse 3800HGV-B router
>
>
>
> Am 03.07.2011 03:23, schrieb JD:
>
>> You missed the import of what I was saying...
>> that a javascript pushed by a website,
>> forced on my browser to execute on my machi
Keep the language clean. I hope the moderator is watching
- Original Message -
From: "Reindl Harald"
To: users@lists.fedoraproject.org
Sent: Saturday, July 2, 2011 9:26:56 PM
Subject: Re: Fedora Security and the Uverse 3800HGV-B router
Am 03.07.2011 03:23, schrieb JD:
> Y
On 07/02/2011 05:48 PM, JD wrote:
> I do understand why you are so shrill in defending
> javascript, and resorting to cussing and name calling.
> Apparently it is your bread and butter :)
JD, if one or two people here were insisting that you're wrong, and that
javascript can't do what you say it'
Am 03.07.2011 03:31, schrieb JD:
>> so what will you tell us?
>> that you are a noob and picking some documents you do not understand?
>> everybody here has realized this long ago!
>>
> And you ignore:
> "...JavaScript has a more troubling history of security holes"
> http://www.w3.org/Secur
On 07/02/2011 06:25 PM, Reindl Harald wrote:
>
> Am 03.07.2011 03:18, schrieb JD:
>
>> Quote:
>> /" ...Javascript/ is a client language, but you /can/ combine it whit a
>> server language to /delete files/. in PHP you /can/ use unlink()
>> function to /delete file/. *...*"
>> http://digitarald.de/f
Am 03.07.2011 03:23, schrieb JD:
> You missed the import of what I was saying...
> that a javascript pushed by a website,
> forced on my browser to execute on my machine
> is in and of itself a violation of privacy and security.
> Furthermore, it would be incredibly shortsighted
> (stating it mi
Am 03.07.2011 03:18, schrieb JD:
> Quote:
> /" ...Javascript/ is a client language, but you /can/ combine it whit a
> server language to /delete files/. in PHP you /can/ use unlink()
> function to /delete file/. *...*"
> http://digitarald.de/forums/topic.php?id=110
and this is the best exampl
On 07/02/2011 05:42 PM, Sam Varshavchik wrote:
> JD writes:
>
>> On 07/02/2011 02:42 PM, Sam Sharpe wrote:
>> > On 2 July 2011 22:20, JD wrote:
>> >> On my machine, when I disable javascript, it is unable to display
>> my files.
>> >> I understand that the browser is supposed to be able to display
On 07/02/2011 05:34 PM, Ed Greshko wrote:
> On 07/03/2011 07:45 AM, JD wrote:
>> Why do you resort to name calling?
>> It is not hysterics.
>> A javascript sent by we site can, if written
>> to do so, open your files and upload them to
>> some remote site; and you call this hysterics?
>> Something
Am 03.07.2011 02:48, schrieb JD:
> I do understand why you are so shrill in defending
> javascript, and resorting to cussing and name calling.
> Apparently it is your bread and butter :)
no because the world where i develop is living on the serverside
there is nothing to defend agianst learnin
On 07/02/2011 05:24 PM, Reindl Harald wrote:
>
> Am 03.07.2011 02:17, schrieb JD:
>> When I knowingly and deliberately browse my files,
>> cannot be deemed to be the same as a javascript
>> that some web site sends to my computer to be executed
>> by the browser to snoop on my files.
> why do you n
Am 03.07.2011 02:42, schrieb Sam Varshavchik:
> What you're missing is that a remote server's ability to instruct your web
> browser to open the contents of file:///
> URL is limited to precisely that: your web browser opening and displaying the
> contents of file:///. The remote
> server's ja
Am 03.07.2011 02:36, schrieb JD:
> On 07/02/2011 04:46 PM, Reindl Harald wrote:
>> Am 03.07.2011 01:39, schrieb JD:
>>> As far as writing, the script is running with the user
>>> credentials. Why would it not be able to write to or
>>> delete the user's own files or other users' files which
>>> ha
JD writes:
On 07/02/2011 02:42 PM, Sam Sharpe wrote:
> On 2 July 2011 22:20, JD wrote:
>> On my machine, when I disable javascript, it is unable to display my
files.
>> I understand that the browser is supposed to be able to display your files
>> with the file:/// URL.
>> I just was not expe
On Sat, Jul 2, 2011 at 7:45 PM, JD wrote:
>
> A javascript sent by we site can, if written
> to do so, open your files and upload them to
> some remote site; and you call this hysterics?
> Something is wrong with your thinking to resort
> to name calling.
> I think user's awareness, that javascrip
On 07/02/2011 04:48 PM, Reindl Harald wrote:
>
> Am 03.07.2011 01:45, schrieb JD:
>
>> A javascript sent by we site can, if written
>> to do so, open your files and upload them to
>> some remote site; and you call this hysterics?
> yes because you have no plan about what you are speaking
> and waht
On 07/02/2011 04:46 PM, Reindl Harald wrote:
> Am 03.07.2011 01:39, schrieb JD:
>> As far as writing, the script is running with the user
>> credentials. Why would it not be able to write to or
>> delete the user's own files or other users' files which
>> have permissive perms settings?
> BECAUSE J
On 07/03/2011 07:45 AM, JD wrote:
> Why do you resort to name calling?
> It is not hysterics.
> A javascript sent by we site can, if written
> to do so, open your files and upload them to
> some remote site; and you call this hysterics?
> Something is wrong with your thinking to resort
> to name ca
Am 03.07.2011 02:23, schrieb JD:
> When I disabled javascript, the the link in the
> router's page could no longer open
> file:///
oh what a wonder
> I am not saying that THAT script in itself is a terrible
> threat. There are far more sophisticated javascripts
> than just displaying your file
Am 03.07.2011 02:17, schrieb JD:
> When I knowingly and deliberately browse my files,
> cannot be deemed to be the same as a javascript
> that some web site sends to my computer to be executed
> by the browser to snoop on my files.
why do you not stop talking about things you do not understand
s
On 07/02/2011 02:42 PM, Sam Sharpe wrote:
> On 2 July 2011 22:20, JD wrote:
>> On my machine, when I disable javascript, it is unable to display my files.
>> I understand that the browser is supposed to be able to display your files
>> with the file:/// URL.
>> I just was not expecting my router t
On 07/02/2011 01:18 PM, Reindl Harald wrote:
>
> Am 02.07.2011 16:50, schrieb JD:
>> On 07/02/2011 01:32 AM, Reindl Harald wrote:
>>> Am 02.07.2011 06:14, schrieb JD:
>>>
When will the linux community wake up and shout out loud:
Kill JavaScript from all browsers and all network servers
>>
dear JD - please stop this idiotic thread
javascript has no capability to write or delete local files
javascript has no capability to upload files without user-interaction
javascript has no capability to read local files directly
so what is your problem?
signature.asc
Description: OpenPGP digi
Am 03.07.2011 01:45, schrieb JD:
> A javascript sent by we site can, if written
> to do so, open your files and upload them to
> some remote site; and you call this hysterics?
yes because you have no plan about what you are speaking
and waht javascriot is allowe and not
learn basics and do not
Am 03.07.2011 01:39, schrieb JD:
> As far as writing, the script is running with the user
> credentials. Why would it not be able to write to or
> delete the user's own files or other users' files which
> have permissive perms settings?
BECAUSE JAVASCRIPT CAN NOT DO THIS
> It is the fact that as
On 07/02/2011 01:07 PM, Craig White wrote:
> On Fri, 2011-07-01 at 21:14 -0700, JD wrote:
>
>> You are right.
>> It turns out it does it via the intruder which the whole
>> world was deceived by Sun that it only plays in a sandbox
>> and has no access to anything outside that sandbox: Javascript.
>
On 07/02/2011 10:39 AM, Marko Vojinovic wrote:
> On Saturday 02 July 2011 15:50:18 JD wrote:
>> On 07/02/2011 01:32 AM, Reindl Harald wrote:
>>> Am 02.07.2011 06:14, schrieb JD:
It is THE trojan horse hiding in plain site and can access
EVERYTHING on your system that YOU have access to an
On 2 July 2011 22:20, JD wrote:
> On my machine, when I disable javascript, it is unable to display my files.
> I understand that the browser is supposed to be able to display your files
> with the file:/// URL.
> I just was not expecting my router to issue a javascript to
> to access my files. An
On 07/02/2011 11:27 PM, Reindl Harald wrote:
>
> Am 02.07.2011 23:16, schrieb Christopher Svanefalk:
>
>> Reindl - just a friendly tip: going civil goes a long way.
>>
>> Cheers,
>>
>> Chris
> sorry, but reading so much bulls**it from OP hurts me
>
Yea man I'm not trying to be a wiseguy, I'm just
Am 02.07.2011 23:16, schrieb Christopher Svanefalk:
> Reindl - just a friendly tip: going civil goes a long way.
>
> Cheers,
>
> Chris
sorry, but reading so much bulls**it from OP hurts me
signature.asc
Description: OpenPGP digital signature
--
users mailing list
users@lists.fedoraproject
On 07/02/2011 10:21 AM, Marko Vojinovic wrote:
> On Saturday 02 July 2011 17:10:33 JD wrote:
>> On 07/02/2011 08:12 AM, Brendan Jones wrote:
>>> On 07/02/2011 01:45 PM, JD wrote:
So how is the router doing it?
This is a very disconcerting security hole and I have not been
able to nai
On 07/02/2011 10:18 PM, Reindl Harald wrote:
>
> Am 02.07.2011 16:50, schrieb JD:
>> On 07/02/2011 01:32 AM, Reindl Harald wrote:
>>> Am 02.07.2011 06:14, schrieb JD:
>>>
When will the linux community wake up and shout out loud:
Kill JavaScript from all browsers and all network servers
>>
Am 02.07.2011 16:50, schrieb JD:
> On 07/02/2011 01:32 AM, Reindl Harald wrote:
>> Am 02.07.2011 06:14, schrieb JD:
>>
>>> When will the linux community wake up and shout out loud:
>>> Kill JavaScript from all browsers and all network servers
>>> and network clients
>> never because the community
On Fri, 2011-07-01 at 21:14 -0700, JD wrote:
> You are right.
> It turns out it does it via the intruder which the whole
> world was deceived by Sun that it only plays in a sandbox
> and has no access to anything outside that sandbox: Javascript.
what does javascript have to do with Sun? It i
On Saturday 02 July 2011 15:50:18 JD wrote:
> On 07/02/2011 01:32 AM, Reindl Harald wrote:
> > Am 02.07.2011 06:14, schrieb JD:
> >> It is THE trojan horse hiding in plain site and can access
> >> EVERYTHING on your system that YOU have access to and
> >> send it back to whatever destination the ja
On Saturday 02 July 2011 17:10:33 JD wrote:
> On 07/02/2011 08:12 AM, Brendan Jones wrote:
> > On 07/02/2011 01:45 PM, JD wrote:
> >> So how is the router doing it?
> >> This is a very disconcerting security hole and I have not been
> >> able to nail it down to any daemon running on my Fedora.
> >
On 07/02/2011 08:12 AM, Brendan Jones wrote:
> On 07/02/2011 01:45 PM, JD wrote:
>> So how is the router doing it?
>> This is a very disconcerting security hole and I have not been
>> able to nail it down to any daemon running on my Fedora.
>>
> Isn't the page just redirecting to file:/// ?
>
> You
On 07/02/2011 01:45 PM, JD wrote:
> So how is the router doing it?
> This is a very disconcerting security hole and I have not been
> able to nail it down to any daemon running on my Fedora.
>
Isn't the page just redirecting to file:/// ?
You can do the same by typing that into the address bar yo
On 07/02/2011 05:16 AM, James McKenzie wrote:
> On 7/1/11 9:14 PM, JD wrote:
>> Common people! JAVASCRIPT being executed by your
>> browser on your system is a HUGE WIDE OPEN SECURITY HOLE!!!
>>
> You do have the option of turning it off, you know. That is one thing
> every security expert knows
On 07/02/2011 01:32 AM, Reindl Harald wrote:
> Am 02.07.2011 06:14, schrieb JD:
>
>> When will the linux community wake up and shout out loud:
>> Kill JavaScript from all browsers and all network servers
>> and network clients
> never because the community is not dumb
> why do we not forbid knifes
On 7/1/11 9:14 PM, JD wrote:
>
> Common people! JAVASCRIPT being executed by your
> browser on your system is a HUGE WIDE OPEN SECURITY HOLE!!!
>
You do have the option of turning it off, you know. That is one thing
every security expert knows about and disables in a major way.
James
--
user
Am 02.07.2011 06:14, schrieb JD:
> When will the linux community wake up and shout out loud:
> Kill JavaScript from all browsers and all network servers
> and network clients
never because the community is not dumb
why do we not forbid knifes since people are killed with them?
> It is THE troja
On 07/01/2011 08:57 PM, john wendel wrote:
> On 07/01/2011 08:45 PM, JD wrote:
>> I am writing this message with the hope that someone on this
>> list has this uverse router.'
>> When I use Firefox to browse to this router (192.168.1.254),
>> it displays the "Home" machines connected to the network
On 07/01/2011 08:45 PM, JD wrote:
> I am writing this message with the hope that someone on this
> list has this uverse router.'
> When I use Firefox to browse to this router (192.168.1.254),
> it displays the "Home" machines connected to the network.
> For each machine it displays:
> a tv icon, i
I am writing this message with the hope that someone on this
list has this uverse router.'
When I use Firefox to browse to this router (192.168.1.254),
it displays the "Home" machines connected to the network.
For each machine it displays:
a tv icon, it's name, and a link named "Access FIles"
and
75 matches
Mail list logo
