[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Javascript security question

On Fri, 21 Aug 2009 09:25:15 +0000 (GMT)
Sadece Gercekler <inanma@xxxxxxxxx> wrote:

> I know that enabling javascript is insecure. But my question is
> specific to gmail, google reader, yahoo mail, and blogger.com. These
> are the sites I'm mainly accessing.
> Do you think enabling javascript for these sites can be OK?
> Thanks
It's not safe.. The problem isn't the sites you are visiting.. The
problem is that an Evil exit node can inject javascript into any
(non https) page you are viewing. yahoo mail falls into this category,
as could google reader and blogger.com (you can force google reader to
https but it is easy to forget). The clever use of javascript can pose
many security risks other then simply unmasking your IP address. I
would STRONGLY advise against using TOR with javascript enabled.
(unless you explicitly trust (own/administer) the exit node.. but this
presents problems of it's own ;)  ).



This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ )

Attachment: signature.asc
Description: PGP signature