Re: Javascript security question
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: Javascript security question
- From: Freemor <freemor@xxxxxxxxx>
- Date: Fri, 21 Aug 2009 10:26:17 -0300
On Fri, 21 Aug 2009 09:25:15 +0000 (GMT)
Sadece Gercekler <inanma@xxxxxxxxx> wrote:
> I know that enabling javascript is insecure. But my question is
> specific to gmail, google reader, yahoo mail, and blogger.com. These
> are the sites I'm mainly accessing.
>
> Do you think enabling javascript for these sites can be OK?
>
> Thanks
It's not safe. The problem isn't the sites you are visiting. The
problem is that an evil exit node can inject javascript into any
(non-https) page you are viewing. Yahoo mail falls into this category,
as could google reader and blogger.com (you can force google reader to
https but it is easy to forget). The clever use of javascript can pose
many security risks other than simply unmasking your IP address. I
would STRONGLY advise against using TOR with javascript enabled
(unless you explicitly trust (own/administer) the exit node, but this
presents problems of its own ;) ).
Regards,
Freemor
--
freemor@xxxxxxxxxxx
freemor@xxxxxxxxx
This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ )
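
Added example, not part of the original message: a script-permission check showing why the transport, not the site's reputation, decides whether a page can be trusted to run JavaScript when the exit node is untrusted. The allowlist, function names and sample URLs are constructed for illustration.

```javascript
// Hosts the user considers trustworthy (constructed allowlist, an assumption of this example).
const TRUSTED_HOSTS = new Set(["mail.google.com", "www.google.com", "mail.yahoo.com"]);

function deny(reason) { return { allow: false, reason }; }

// pageUrl: URL of the top-level document.
// scriptSrc: the script's src attribute, or null for an inline script.
function scriptDecision(pageUrl, scriptSrc) {
  let page;
  try { page = new URL(pageUrl); } catch (e) { return deny("unparseable page URL"); }
  // A cleartext page can be rewritten by anything on the path, including the
  // exit node, so a trusted host name proves nothing about the content received.
  if (page.protocol !== "https:") return deny("page loaded without https");
  if (!TRUSTED_HOSTS.has(page.hostname)) return deny("page host not on allowlist");
  if (scriptSrc === null) return { allow: true, reason: "inline script on trusted https page" };
  let src;
  try { src = new URL(scriptSrc, page); } catch (e) { return deny("unparseable script URL"); }
  // Resolving against the page handles relative and protocol-relative src values.
  if (src.protocol !== "https:") return deny("script loaded without https (mixed content)");
  return { allow: true, reason: "https script on trusted https page" };
}

// Constructed sample page loads: [page URL, script src or null].
const SAMPLES = [
  ["https://mail.google.com/mail/", "/static/app.js"],
  ["http://mail.yahoo.com/inbox", null],               // trusted site, cleartext page
  ["http://www.google.com/reader/view/", null],        // https available but not forced
  ["https://www.google.com/reader/view/", "http://www.google.com/reader/ui.js"],
  ["https://example.org/", null],                      // https, but not an allowed host
];

function audit(samples) {
  return samples.map(([page, script]) => ({ page, script, ...scriptDecision(page, script) }));
}

for (const r of audit(SAMPLES)) {
  console.log(`${r.allow ? "ALLOW" : "BLOCK"}  ${r.page}  [${r.script ?? "inline"}]  ${r.reason}`);
}
```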