Lynn Fredricks wrote:
I happen to like Javascript but, wow, you are so right. A lot of the trojans out of the wild today take advantage of how insecure browsers are to deliver payloads right through your browser. Sometimes your antivirus software will catch it, other times not.

Reminds me of one of my favorite Raney posts, on buffer overruns:
<http://www.mail-archive.com/metac...@lists.runrev.com/msg02659.html>

And this one:
<http://www.mail-archive.com/metac...@lists.runrev.com/msg02350.html>

Excerpts:

...you should keep in mind that the average cobbled-together MetaCard server is going to be safer, at least WRT to buffer-overrun security problems (the easiest to exploit and most dangerous kind), than virtually any current open-source server program. This is obviously the case when compared with the FTP, HTTP, and BIND servers that are running on the majority of Internet hosts out there, all of which have multiple security holes like this, one of the buffer-overrun bugs in BIND (the DNS server) being the single most commonly exploited security hole in any server software.

...

I certainly wouldn't rule out building or using MetaCard server software, even for protocols for which well-known (if buggy) open source software is widely available. While I don't see any big advantage to writing an FTP server in MetaCard, an HTTP server that executes CGI scripts is a different matter entirely and an area where a MetaCard server could be safer and feature-competitive with any of the alternatives.

...

...the ubiquity of buffer-overrun bugs in open source software rises to the level of criminal negligence. There is just no excuse for this kind of sloppy programming, yet not a week goes by that yet another example of this kind of thing isn't found in one of the commonly used open-source packages. I wouldn't blindly trust Microsoft software either, but at least the majority of the security holes in their products were put there deliberately to improve the usability of the products rather than as the result of poor security hygiene on the part of the developer.

My advice is to not be afraid of this stuff.
Sure, you have to be careful, but you can hardly do any worse a job than those hacks who are writing the software that runs the Internet ;-)

:)

--
 Richard Gaskin
 Fourth World
 Rev training and consulting: http://www.fourthworld.com
 Webzine for Rev developers: http://www.revjournal.com
 revJournal blog: http://revjournal.com/blog.irv