On Thu, 2009-04-16 at 21:14 -0700, Michael A. Peters wrote: > Lanny Marcus wrote: > > My belief is that this is not possible, but there are many extremely > > knowledgeable people participating on this list and I would like to > > know if it is in fact possible. I am running CentOS 5.3 (32 bit) fully > > updated. Browser is Mozilla Firefox v.3.0.7. > > > > I believe both times this happened, once yesterday and once today, I > > was surfing on the web site of my favorite singer/musical group; or in > > the forum, which is a highly restricted area. Today when it happened, > > I believe I was looking at a video coming from YouTube.com > > > > I contacted the webmaster, someone I communicate with frequently, > > thinking that something on one or more of his web pages is infected, > > but he wrote back, thinking that my box (dual boot MS Windows XP and > > CentOS on the same hard drive) is infected by this malware and that > > his web site is clean. Below is part of the description he sent me in > > an email. I have seen the pop ups, a request to install > > Install-2006-60.exe which I declined...., etc. Comes from > > <http://antispywarepcscanner.com> Is there any way the Firefox web > > browser could have been corrupted by this, while using CentOS Linux? > > TIA! Lanny > > My experience is that when browsing on any OS and you come across an > error message stating that your computer is infected and you need to > install such and such software, the web site I was visiting has an XSS > exploit that was taken advantage of to try and get you to manually > install a piece of malware. > > Install the FireFox extension "noscript" and be very careful about what > domains you authorize scripting from. > > The fact that an XSS attack was able to give you a phony message means > the same site could have XSS that reads your cookie and steals your > session ID. > > Noscript reduces the odds of such attacks being succesful. --- If it makes you feel any safer I will go there and down load it on my CentOS Desktop! BUT! If your running WINE Then that is another storie I would NOT.
JohnStanley _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
