He was our security guy and it was a proof of concept. It was within the last year so I would imagine it's still possible.
On Wed, Jul 9, 2008 at 3:59 PM, Allen Brown <[EMAIL PROTECTED]> wrote: > Alarming. How recent was that? Do you know if this is still possible? > -- > Allen Brown > http://brown.armoredpenguin.com/~abrown > >> I started religiously running NoScript in Firefox after a colleague of >> mine figured out how to write a port scanner in Javascript. So if you >> went to his page with Javascript enabled he would able to have you >> run a scan of your internal network, as your user, with your >> permissions, regardless of firewall settings. So my answer would be >> that even if Javascript has gotten safer it doesn't mean that people >> haven't figured out clever things to do with it that you wouldn't want >> to happen. >> >> On Wed, Jul 9, 2008 at 3:53 PM, Allen Brown <[EMAIL PROTECTED]> wrote: >>> I am moderately paranoid about allowing web sites run javascript >>> in my browser. (I use NoScript in Firefox.) Basically I only >>> enable it if I know the owner of the site or trust them because >>> of who they are. Examples: personal friends or banks. >>> >>> Am I being unnecessarily paranoid? Has Javascript gotten good >>> enough that I can let my guard down? How do you all handle this? >>> -- >>> Allen Brown abrown at peak.org >>> http://brown.armoredpenguin.com/~abrown/ >>> Criticism may not be agreeable, but it is necessary. It fulfils >>> the same function as pain in the human body. It calls attention >>> to an unhealthy state of things. --- Sir Winston Churchill >>> _______________________________________________ >>> EUGLUG mailing list >>> euglug@euglug.org >>> http://www.euglug.org/mailman/listinfo/euglug >>> >> _______________________________________________ >> EUGLUG mailing list >> euglug@euglug.org >> http://www.euglug.org/mailman/listinfo/euglug >> > > > _______________________________________________ > EUGLUG mailing list > euglug@euglug.org > http://www.euglug.org/mailman/listinfo/euglug > _______________________________________________ EUGLUG mailing list euglug@euglug.org http://www.euglug.org/mailman/listinfo/euglug
