Friday, September 26, 2008

Click Jacking

New browser exploit on the block!

1. You visit a malicious website.
2. The attacker is able to take control of the links that your browser visits.

The problem affects almost all browsers.
The exploit, however, does not affect:
a) lynx, links, edbrowse or various other browsers that do not support DHTML or JavaScript (aka the browsers that don't let you use dynamic webpages and that no luser in their right mind would use).
b) Firefox 2 or Firefox 3 with NoScript (with the no <iframe> option selected).

Just turning JavaScript off in your browser will not help you. With this exploit, once you’re on the malicious web page, the bad guy can make you click on any link, any button, or anything on the page without you even seeing it happening. You basically need to disable most of the dynamic content on the page, which means a hell of a lot of plugins and maybe core code. (Those with Firefox, install NoScript to do this stuff automatically.)

More Juicy Stuff

If you want to use NoScript, it'll only work if you use it properly. Otherwise stick to lynx.

1 comment:

nfwu said...

This blog died pretty quickly. Didn't bother because of your tiny readership, eh? Good idea though, I may copy it. =P