[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Javascript security question
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: Javascript security question
- From: James Brown <jbrownfirst@xxxxxxxxx>
- Date: Fri, 21 Aug 2009 14:06:07 +0400
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Fri, 21 Aug 2009 06:06:18 -0400
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:subject:references:in-reply-to :content-type:content-transfer-encoding; bh=A0nR9XjJFPqiwOx95B9w6nfEaXy8x1RsQLi97+hiZPw=; b=OaSF/LvK1xBCn8iocbkWBeT3sieTpTkJKqdynF4KHETvmXYpIEhrKFZZf5v2KIB5hW 2kaYjUVYemrdd5CdWMGB5MBN6FRaZhIa1pX2k0zo03ak11d8gOYJJ1iyScB82JSGT/Jq icD5vH+waky9diHeUQ07t4wN/gjxSR7oR0X0A=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; b=An4Rkd2xaLrz2VF9G3lit5MwITiUbhrhFMKlZhQfpw2jz6Y0EGVtgiw6fqxclrVFOU TzY3e7T2A6I1Yfd2IvBJ1lT9INCCVlk7TPk/nce7PO6nP5FOT9SeNYT3E3BmMNJcEeGv SxW1wj7oh8am5GkDzdEwno9bF98tpTVZqVc5g=
- In-reply-to: <20090821093703.GN4508@xxxxxxxxx>
- References: <236316.99637.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <20090821093703.GN4508@xxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
- User-agent: Mozilla-Thunderbird 2.0.0.22 (X11/20090707)
Eugen Leitl wrote:
> On Fri, Aug 21, 2009 at 09:25:15AM +0000, Sadece Gercekler wrote:
>
>> I know that enabling javascript is insecure. But my question is specific to gmail, google reader, yahoo mail, and blogger.com. These are the sites I'm mainly accessing.
>>
>> Do you think enabling javascript for these sites can be OK?
>>
>
> Who knows? Have you considered the ads, or that you might get a custom
> version when detected you're coming from a Tor exit?
>
>
Probably the javascript can steal only your internal ip-adress, not
external. Then, if you machine is behind NAT it is probable secure for
you. (But you need obligatly disable the java in your browser because
the java-applications can steal you external ip-address.