July 30th, 2006

ronin

In today's news of the bleedingly obvious: JavaScript is utterly insecure.

"C|Net is reporting that JavaScript malware is opening the door for hackers to attack internal networks. During the Black Hat Briefings conference Jeremiah Grossman (CTO, WhiteHat Security) '...will be showing off how to get the internal IP address, how to scan internal networks, how to fingerprint and how to enter DSL routers ... As we're attacking the intranet using the browser, we're taking complete control over the browser.' According to the article, the presence of cross-site scripting vulnerabilities (XSS) dramatically increases the possible damage that can be caused. The issue is also not which-browser-is-more-secure, as all major browsers are equally at risk. Grossman says 'The users really are at the mercy of the Web sites they visit. Users could turn off JavaScript, which really isn't a solution because so many Web sites rely on it.'"

http://it.slashdot.org/it/06/07/30/0547227.shtml

Well, freaking duh. How many years now have I been ranting about JScript? I suspect it's been at least 3, possibly more.

I went to a certain site recently that used JavaScript for EVERYTHING. Seriously. You couldn't click on the FAQ link without JavaScript enabled, because it used "onclick:GoToFaqPage()" instead of a freaking anchor tag! Hello, people! Have you heard of this new thing called HTML 1.0? It's really revolutionary! You know, it was invented 11 years ago and everything!

Thing is, I know this problem will never get better. Everyone uses JavaScript to do what they should be using CGI (or even a freaking HTML tag) to do. It would load faster, run faster, be less complicated to create and maintain, and not force the user's browser to default-enable a huge gaping security hole. But nnnnooooooooo....

I myself use NoScript religiously. And I know that nobody gives a damn if crotchety old me hates their website, but if your website *requires* JScript for even the most basic functionality... I will never visit your site again. (Exceptions: YouTube and Google video.) And maybe send you a flame via email as well for being a dumbass.
ronin

The American electorate is NOT WORTH SAVING, part 3,654,091


Despite being widely reported in the media that the U.S. and other countries have not found any weapons of mass destruction in Iraq, surprisingly, more U.S. adults (50%) think that Iraq had such weapons when the U.S. invaded Iraq. This is an increase from 36 percent in February 2005.

http://www.harrisinteractive.com/harris_poll/index.asp?PID=684


"We don't need to find any weapons of mass destruction! We only need to WANT to find 'em! That's the way it works!!" -Red vs. Blue: Real Life vs. The Internets


I'm not even going to touch the "64% of those polled say that Saddam had strong links with Al Qaeda" statistic on that page. It's just too fucking depressing.

The more time goes on, the more strongly I believe getting out of this country is the sanest possible thing I could do...
  • Current Music
    Marilyn Manson - The Beautiful People