How secure is google chrome and other questions

Discussion in 'NZ Computing' started by nospam, May 1, 2011.

  1. nospam

    nospam Guest

    Using the latest google chrome on fully patched Windows XP with
    javascript enabled and some standard plugins like shockwave and pdf
    viewer, is it possible for a virus or malware to get onto a computer
    just by visiting websites (without downloading anything) ?

    Has anyone had this happen to them or know of it happening. If so
    what was the virus or malware?

    Using google chrome, does it ever download and execute native machine
    code without me realising it - like maybe Active X controls or
    something?

    I use Norton Internet security and sometime it pops up a window that
    says it has blocked something from attacking my computer. I also have
    a router with a firewall. What kind of thing is it that Norton thinks
    it has blocked and what could it do to my computer?

    Why don't Linux machines need security software? Is it because not
    many viruses are targetted at Linux or is Linux immune to the kind of
    threats that I mentioned above that Norton thinks it blocked.?

    Thanks in advance.
     
    nospam, May 1, 2011
    #1
    1. Advertising

  2. nospam

    Murray Symon Guest

    nospam wrote:

    >
    > Using the latest google chrome on fully patched Windows XP with
    > javascript enabled and some standard plugins like shockwave and pdf
    > viewer, is it possible for a virus or malware to get onto a computer
    > just by visiting websites (without downloading anything) ?
    >
    > Has anyone had this happen to them or know of it happening. If so
    > what was the virus or malware?
    >
    > Using google chrome, does it ever download and execute native machine
    > code without me realising it - like maybe Active X controls or
    > something?
    >
    > I use Norton Internet security and sometime it pops up a window that
    > says it has blocked something from attacking my computer. I also have
    > a router with a firewall. What kind of thing is it that Norton thinks
    > it has blocked and what could it do to my computer?
    >
    > Why don't Linux machines need security software? Is it because not
    > many viruses are targetted at Linux or is Linux immune to the kind of
    > threats that I mentioned above that Norton thinks it blocked.?
    >
    > Thanks in advance.


    With Javascript running lots of attacks are possible.
    One possibility is cross-site scripting (XSS).
     
    Murray Symon, May 1, 2011
    #2
    1. Advertising

  3. nospam

    nospam Guest

    On Sun, 01 May 2011 15:03:22 +1200, Murray Symon
    <> wrote:

    >
    >With Javascript running lots of attacks are possible.
    >One possibility is cross-site scripting (XSS).


    I read the wikipedia article on this but I can't understand very much.

    <quote>
    Mallory crafts a URL to exploit the vulnerability, and sends Alice an
    email, enticing her to click on a link for the URL under false
    pretenses. This URL will point to Bob's website, but will contain
    Mallory's malicious code, which the website will reflect.
    Alice visits the URL provided by Mallory while logged into Bob's
    website.
    The malicious script embedded in the URL executes in Alice's browser,
    as if it came directly from Bob's server (this is the actual XSS
    vulnerability). The script can be used to send Alice's session cookie
    to Mallory. Mallory can then use the session cookie to steal sensitive
    information available to Alice (authentication credentials, billing
    info, etc.) without Alice's knowledge.
    <end quote>


    A URL is something like http://bob.com right?

    How can a URL "contain malicious code" or have a malicious script
    embedded in it?
     
    nospam, May 1, 2011
    #3
  4. nospam

    Gordon Guest

    On 2011-05-01, nospam <> wrote:
    >
    > Using the latest google chrome on fully patched Windows XP with
    > javascript enabled and some standard plugins like shockwave and pdf
    > viewer, is it possible for a virus or malware to get onto a computer
    > just by visiting websites (without downloading anything) ?


    The question is whather or not it is possible, but rather the risk.
    >
    > Has anyone had this happen to them or know of it happening. If so
    > what was the virus or malware?
    >
    > Using google chrome, does it ever download and execute native machine
    > code without me realising it - like maybe Active X controls or
    > something?


    something, sure does that eh?


    >
    > I use Norton Internet security and sometime it pops up a window that
    > says it has blocked something from attacking my computer. I also have
    > a router with a firewall. What kind of thing is it that Norton thinks
    > it has blocked and what could it do to my computer?


    Remove Norton and let it do its thing. Then you will know. Does the denial
    mess up your use of the machine?


    >
    > Why don't Linux machines need security software?


    [removed my response to the grammer above]


    > Is it because not
    > many viruses are targetted at Linux or is Linux immune to the kind of
    > threats that I mentioned above that Norton thinks it blocked.?


    Both. Linux, evoled out of Unix which was, and still is, a multi user
    system. So nasty natty needed to be restrained from messing up other users
    files, or the operating system files.

    Ms Windows is attacked because, mostly, it is the biggest bang for the buck.

    Sony, the company that claims to take security seriously, was hacked to the
    tune of millions of users data going to the third party.

    A virus on Linux can only really mess up the home/user directory which is
    not a heck of alot of use to someone who wants to steal ones idenity or take
    over ones PC for bot use.

    History plays a part in all of this. Ms Windows was born into it has to work
    now for $. Unix came from a "real" world situation. Ms Windows has been
    handicapped as a result.




    >
    > Thanks in advance.
     
    Gordon, May 1, 2011
    #4
  5. nospam

    Gordon Guest

    On 2011-05-01, nospam <> wrote:
    > On Sun, 01 May 2011 15:03:22 +1200, Murray Symon
    ><> wrote:
    >
    >>
    >>With Javascript running lots of attacks are possible.
    >>One possibility is cross-site scripting (XSS).

    >
    > I read the wikipedia article on this but I can't understand very much.
    >
    ><quote>
    > Mallory crafts a URL to exploit the vulnerability, and sends Alice an
    > email, enticing her to click on a link for the URL under false
    > pretenses. This URL will point to Bob's website, but will contain
    > Mallory's malicious code, which the website will reflect.
    > Alice visits the URL provided by Mallory while logged into Bob's
    > website.


    Hold it right there. Alice fell down a rabbit hole. She was wise enuff never
    to click on a link from someone she did not trust, yet alone know.

    Keep going nospam. You are on a learning curve.


    http://en.wikipedia.org/wiki/Phil_Zimmermann

    He once said that it was about whom does one trust.
     
    Gordon, May 1, 2011
    #5
  6. nospam

    Enkidu Guest

    On 01/05/11 12:45, nospam wrote:
    >
    > Using the latest google chrome on fully patched Windows XP with
    > javascript enabled and some standard plugins like shockwave and pdf
    > viewer, is it possible for a virus or malware to get onto a computer
    > just by visiting websites (without downloading anything) ?
    >
    > Has anyone had this happen to them or know of it happening. If so
    > what was the virus or malware?
    >
    > Using google chrome, does it ever download and execute native machine
    > code without me realising it - like maybe Active X controls or
    > something?
    >
    > I use Norton Internet security and sometime it pops up a window that
    > says it has blocked something from attacking my computer. I also have
    > a router with a firewall. What kind of thing is it that Norton thinks
    > it has blocked and what could it do to my computer?
    >
    > Why don't Linux machines need security software? Is it because not
    > many viruses are targetted at Linux or is Linux immune to the kind of
    > threats that I mentioned above that Norton thinks it blocked.?
    >

    No viruses (or very few) are targetted at Linux. To some extent the way
    that Linux works makes it harder to get control of the machine, but
    that's not an absolute. I believe that most attacks these days that are
    more than a nuisance value are 'social engineering' ones where the user
    is persuaded to run a progam which gives the attacker control. A bit
    like the Irish Virus: http://www.avolites.com/jokes/irishvirus.htm

    Cheers,

    Cliff

    --

    The ends justifies the means - Niccolò di Bernardo dei Machiavelli.

    The end excuses any evil - Sophocles
     
    Enkidu, May 1, 2011
    #6
  7. nospam

    Enkidu Guest

    On 01/05/11 15:54, nospam wrote:
    > On Sun, 01 May 2011 15:03:22 +1200, Murray Symon
    > <> wrote:
    >
    >>
    >> With Javascript running lots of attacks are possible.
    >> One possibility is cross-site scripting (XSS).

    >
    > I read the wikipedia article on this but I can't understand very much.
    >
    > <quote>
    > Mallory crafts a URL to exploit the vulnerability, and sends Alice an
    > email, enticing her to click on a link for the URL under false
    > pretenses. This URL will point to Bob's website, but will contain
    > Mallory's malicious code, which the website will reflect.
    > Alice visits the URL provided by Mallory while logged into Bob's
    > website.
    > The malicious script embedded in the URL executes in Alice's browser,
    > as if it came directly from Bob's server (this is the actual XSS
    > vulnerability). The script can be used to send Alice's session cookie
    > to Mallory. Mallory can then use the session cookie to steal sensitive
    > information available to Alice (authentication credentials, billing
    > info, etc.) without Alice's knowledge.
    > <end quote>
    >
    >
    > A URL is something like http://bob.com right?
    >
    > How can a URL "contain malicious code" or have a malicious script
    > embedded in it?
    >

    The URL given above is actually short for something like
    http://bob.com/index.html usually. However the 'index.html' may be
    substituted by 'index.php' which is a script. Or maybe 'index.cgi'.

    Cheers,

    Cliff

    --

    The ends justifies the means - Niccolò di Bernardo dei Machiavelli.

    The end excuses any evil - Sophocles
     
    Enkidu, May 1, 2011
    #7
  8. nospam

    Murray Symon Guest

    nospam wrote:

    > On Sun, 01 May 2011 15:03:22 +1200, Murray Symon
    > <> wrote:
    >
    >>
    >>With Javascript running lots of attacks are possible.
    >>One possibility is cross-site scripting (XSS).

    >
    > I read the wikipedia article on this but I can't understand very much.
    >


    Malicious Javasript can be injected into big-name websites that have
    no intent to be malicious. It can be come embedded in public-editable
    sections of pages, such as the now ubiquitous "comments" section.
    Websites should guard against such injection, but not all of them do.
    Once the page has been displayed the Javascript has been executed.
    You may then have become victim to a drive-by download or, similar.
     
    Murray Symon, May 1, 2011
    #8
  9. On Sun, 01 May 2011 12:45:45 +1200, nospam <> wrote:

    >
    >Using the latest google chrome on fully patched Windows XP with
    >javascript enabled and some standard plugins like shockwave and pdf
    >viewer, is it possible for a virus or malware to get onto a computer
    >just by visiting websites (without downloading anything) ?
    >
    >Has anyone had this happen to them or know of it happening. If so
    >what was the virus or malware?
    >
    >Using google chrome, does it ever download and execute native machine
    >code without me realising it - like maybe Active X controls or
    >something?
    >
    >I use Norton Internet security and sometime it pops up a window that
    >says it has blocked something from attacking my computer. I also have
    >a router with a firewall. What kind of thing is it that Norton thinks
    >it has blocked and what could it do to my computer?
    >
    >Why don't Linux machines need security software? Is it because not
    >many viruses are targetted at Linux or is Linux immune to the kind of
    >threats that I mentioned above that Norton thinks it blocked.?
    >
    >Thanks in advance.




    All Google stuff is Spyware, did you not know that..?


    Use Opera as it does not come from the Evil US.
     
    William Brown, May 1, 2011
    #9
  10. nospam

    nospam Guest

    On Sun, 01 May 2011 17:44:23 +1200, Enkidu <>
    wrote:

    >>
    >>
    >> A URL is something like http://bob.com right?
    >>
    >> How can a URL "contain malicious code" or have a malicious script
    >> embedded in it?
    > >

    >The URL given above is actually short for something like
    >http://bob.com/index.html usually. However the 'index.html' may be
    >substituted by 'index.php' which is a script. Or maybe 'index.cgi'.
    >


    And where is the script located? Is it embedded in the URL?
     
    nospam, May 1, 2011
    #10
  11. nospam

    Enkidu Guest

    On 01/05/11 19:21, nospam wrote:
    > On Sun, 01 May 2011 17:44:23 +1200, Enkidu<>
    > wrote:
    >
    >>>
    >>>
    >>> A URL is something like http://bob.com right?
    >>>
    >>> How can a URL "contain malicious code" or have a malicious script
    >>> embedded in it?
    >>>

    >> The URL given above is actually short for something like
    >> http://bob.com/index.html usually. However the 'index.html' may be
    >> substituted by 'index.php' which is a script. Or maybe 'index.cgi'.

    >
    > And where is the script located? Is it embedded in the URL?
    >

    Nope. You ask for http://bob.com. The server serves the 'default page'
    which can be pretty much anything but mostly starts with 'index.'.

    So you request http://bob.com and the server translates that request to
    http://bob.com/index.php and runs the script index.php and returns the
    result to you as HTML.

    I just realised that I might have given the wrong impression above.
    Running the script as I've described is server side and won't in itself
    cause you problems. However, things like JavaScript, which run on YOUR
    machine and get served along with the page might do something malicious.

    Cheers,

    Cliff

    --

    The ends justifies the means - Niccolò di Bernardo dei Machiavelli.

    The end excuses any evil - Sophocles
     
    Enkidu, May 1, 2011
    #11
  12. nospam

    nospam Guest

    On Mon, 02 May 2011 09:36:20 +1200, Enkidu <>
    wrote:

    >On 01/05/11 19:21, nospam wrote:
    >> On Sun, 01 May 2011 17:44:23 +1200, Enkidu<>
    >> wrote:
    >>
    >>>>
    >>>>
    >>>> A URL is something like http://bob.com right?
    >>>>
    >>>> How can a URL "contain malicious code" or have a malicious script
    >>>> embedded in it?
    >>>>
    >>> The URL given above is actually short for something like
    >>> http://bob.com/index.html usually. However the 'index.html' may be
    >>> substituted by 'index.php' which is a script. Or maybe 'index.cgi'.

    >>
    >> And where is the script located? Is it embedded in the URL?
    > >

    >Nope. You ask for http://bob.com. The server serves the 'default page'
    >which can be pretty much anything but mostly starts with 'index.'.
    >
    >So you request http://bob.com and the server translates that request to
    >http://bob.com/index.php and runs the script index.php and returns the
    >result to you as HTML.
    >
    >I just realised that I might have given the wrong impression above.
    >Running the script as I've described is server side and won't in itself
    >cause you problems. However, things like JavaScript, which run on YOUR
    >machine and get served along with the page might do something malicious.



    ok, in that case the example on Wikipedia is badly written because it
    uses the term URL when it appears to mean "web page". Here it is
    again

    <quote>
    Mallory crafts a URL to exploit the vulnerability, and sends Alice an
    email, enticing her to click on a link for the URL under false
    pretenses. This URL will point to Bob's website, but will contain
    Mallory's malicious code, which the website will reflect.
    Alice visits the URL provided by Mallory while logged into Bob's
    website.
    The malicious script embedded in the URL executes in Alice's browser,
    as if it came directly from Bob's server (this is the actual XSS
    vulnerability). The script can be used to send Alice's session cookie
    to Mallory. Mallory can then use the session cookie to steal sensitive
    information available to Alice (authentication credentials, billing
    info, etc.) without Alice's knowledge.
    <end quote>

    So how does Mallory get his malicious script into a Web page served up
    by Bob's website?
     
    nospam, May 2, 2011
    #12
  13. nospam

    nospam Guest

    On Mon, 02 May 2011 23:55:46 +1200, nospam <>
    wrote:

    >On Mon, 02 May 2011 09:36:20 +1200, Enkidu <>
    >wrote:
    >
    >>On 01/05/11 19:21, nospam wrote:
    >>> On Sun, 01 May 2011 17:44:23 +1200, Enkidu<>
    >>> wrote:
    >>>
    >>>>>
    >>>>>
    >>>>> A URL is something like http://bob.com right?
    >>>>>
    >>>>> How can a URL "contain malicious code" or have a malicious script
    >>>>> embedded in it?
    >>>>>
    >>>> The URL given above is actually short for something like
    >>>> http://bob.com/index.html usually. However the 'index.html' may be
    >>>> substituted by 'index.php' which is a script. Or maybe 'index.cgi'.
    >>>
    >>> And where is the script located? Is it embedded in the URL?
    >> >

    >>Nope. You ask for http://bob.com. The server serves the 'default page'
    >>which can be pretty much anything but mostly starts with 'index.'.
    >>
    >>So you request http://bob.com and the server translates that request to
    >>http://bob.com/index.php and runs the script index.php and returns the
    >>result to you as HTML.
    >>
    >>I just realised that I might have given the wrong impression above.
    >>Running the script as I've described is server side and won't in itself
    >>cause you problems. However, things like JavaScript, which run on YOUR
    >>machine and get served along with the page might do something malicious.

    >
    >
    >ok, in that case the example on Wikipedia is badly written because it
    >uses the term URL when it appears to mean "web page". Here it is
    >again
    >
    ><quote>
    >Mallory crafts a URL to exploit the vulnerability, and sends Alice an
    >email, enticing her to click on a link for the URL under false
    >pretenses. This URL will point to Bob's website, but will contain
    >Mallory's malicious code, which the website will reflect.
    >Alice visits the URL provided by Mallory while logged into Bob's
    >website.
    >The malicious script embedded in the URL executes in Alice's browser,
    >as if it came directly from Bob's server (this is the actual XSS
    >vulnerability). The script can be used to send Alice's session cookie
    >to Mallory. Mallory can then use the session cookie to steal sensitive
    >information available to Alice (authentication credentials, billing
    >info, etc.) without Alice's knowledge.
    ><end quote>
    >
    >So how does Mallory get his malicious script into a Web page served up
    >by Bob's website?


    After reading some of the Wikipedia article again I think the
    malicious script actually is in the URL that Alice clicks on. i.e.
    it's not a simple URL like http://bob.com but rather it's a long
    complicated URL like when user form data is being submitted e.g. this
    (not quite real)

    http://www.bob.com/#hl=en&sugexp=gs...=0&aqi=&aql=f&oq=xss&pbx=1/script=alert'hello'

    <quote>
    The non-persistent (or reflected) cross-site scripting vulnerability
    is by far the most common type.[10] These holes show up when the data
    provided by a web client, most commonly in HTTP query parameters or in
    HTML form submissions, is used immediately by server-side scripts to
    generate a page of results for that user, without properly sanitizing
    the request.[11]
    Because HTML documents have a flat, serial structure that mixes
    control statements, formatting, and the actual content, any
    non-validated user-supplied data included in the resulting page
    without proper HTML encoding, may lead to markup injection.[10][11] A
    classic example of a potential vector is a site search engine: if one
    searches for a string, the search string will typically be redisplayed
    verbatim on the result page to indicate what was searched for. If this
    response does not properly escape or reject HTML control characters, a
    cross-site scripting flaw will ensue
    <end quote>
     
    nospam, May 2, 2011
    #13
  14. nospam

    nospam Guest

    On Sun, 01 May 2011 18:50:18 +1200, Murray Symon
    <> wrote:

    >nospam wrote:
    >
    >> On Sun, 01 May 2011 15:03:22 +1200, Murray Symon
    >> <> wrote:
    >>
    >>>
    >>>With Javascript running lots of attacks are possible.
    >>>One possibility is cross-site scripting (XSS).

    >>
    >> I read the wikipedia article on this but I can't understand very much.
    >>

    >
    >Malicious Javasript can be injected into big-name websites that have
    >no intent to be malicious. It can be come embedded in public-editable
    >sections of pages, such as the now ubiquitous "comments" section.
    >Websites should guard against such injection, but not all of them do.
    >Once the page has been displayed the Javascript has been executed.
    >You may then have become victim to a drive-by download or, similar.


    As far as I know, Google chrome won't download and save a file unless
    I explicitly give permission. It should be easy for a browser to
    prevent javascript from placing a virus or malware on my computer or
    doing anything to my computer.
     
    nospam, May 3, 2011
    #14
  15. nospam

    Dave Doe Guest

    In article <>,
    , nospam says...
    >
    > On Sun, 01 May 2011 18:50:18 +1200, Murray Symon
    > <> wrote:
    >
    > >nospam wrote:
    > >
    > >> On Sun, 01 May 2011 15:03:22 +1200, Murray Symon
    > >> <> wrote:
    > >>
    > >>>
    > >>>With Javascript running lots of attacks are possible.
    > >>>One possibility is cross-site scripting (XSS).
    > >>
    > >> I read the wikipedia article on this but I can't understand very much.
    > >>

    > >
    > >Malicious Javasript can be injected into big-name websites that have
    > >no intent to be malicious. It can be come embedded in public-editable
    > >sections of pages, such as the now ubiquitous "comments" section.
    > >Websites should guard against such injection, but not all of them do.
    > >Once the page has been displayed the Javascript has been executed.
    > >You may then have become victim to a drive-by download or, similar.

    >
    > As far as I know, Google chrome won't download and save a file unless
    > I explicitly give permission. It should be easy for a browser to
    > prevent javascript from placing a virus or malware on my computer or
    > doing anything to my computer.


    You probably need to re-read what he said. Perhaps "upload" would have
    been a better word?

    Short of it is, he's talking about Javascript - which runs locally on
    your computer. If you run Windows XP, then you are proabably (by
    default unless you've changed it) an administrator. So the Javascript
    is running in the same privilege.

    So say for example a hacker manages to cause your banking website to
    (effectively) include their malicious Javascript - and thereby get
    ("drive-by download") your details.

    --
    Duncan.
     
    Dave Doe, May 3, 2011
    #15
  16. nospam

    Dave Doe Guest

    In article <-september.org>,
    , Dave Doe says...
    >
    > In article <>,
    > , nospam says...
    > >
    > > On Sun, 01 May 2011 18:50:18 +1200, Murray Symon
    > > <> wrote:
    > >
    > > >nospam wrote:
    > > >
    > > >> On Sun, 01 May 2011 15:03:22 +1200, Murray Symon
    > > >> <> wrote:
    > > >>
    > > >>>
    > > >>>With Javascript running lots of attacks are possible.
    > > >>>One possibility is cross-site scripting (XSS).
    > > >>
    > > >> I read the wikipedia article on this but I can't understand very much.
    > > >>
    > > >
    > > >Malicious Javasript can be injected into big-name websites that have
    > > >no intent to be malicious. It can be come embedded in public-editable
    > > >sections of pages, such as the now ubiquitous "comments" section.
    > > >Websites should guard against such injection, but not all of them do.
    > > >Once the page has been displayed the Javascript has been executed.
    > > >You may then have become victim to a drive-by download or, similar.

    > >
    > > As far as I know, Google chrome won't download and save a file unless
    > > I explicitly give permission. It should be easy for a browser to
    > > prevent javascript from placing a virus or malware on my computer or
    > > doing anything to my computer.

    >
    > You probably need to re-read what he said. Perhaps "upload" would have
    > been a better word?
    >
    > Short of it is, he's talking about Javascript - which runs locally on
    > your computer. If you run Windows XP, then you are proabably (by
    > default unless you've changed it) an administrator. So the Javascript
    > is running in the same privilege.
    >
    > So say for example a hacker manages to cause your banking website to
    > (effectively) include their malicious Javascript - and thereby get
    > ("drive-by download") your details.


    I'd didn't explain that well at all. I started going down two roads.
    One is cross-site scripting (my example), the other is running
    Javascpript external to the browser on XP (outside the sandbox). I
    don't think IE8 allows it. IE7 probably doesn't either.

    --
    Duncan.
     
    Dave Doe, May 3, 2011
    #16
  17. nospam

    nospam Guest

    On Tue, 3 May 2011 14:17:12 +1200, Dave Doe <> wrote:

    >
    >You probably need to re-read what he said. Perhaps "upload" would have
    >been a better word?


    You probably need to google "drive by download"

    >
    >Short of it is, he's talking about Javascript - which runs locally on
    >your computer. If you run Windows XP, then you are proabably (by
    >default unless you've changed it) an administrator. So the Javascript
    >is running in the same privilege.
    >
    >So say for example a hacker manages to cause your banking website to
    >(effectively) include their malicious Javascript - and thereby get
    >("drive-by download") your details.


    That's not a drive by download.
     
    nospam, May 3, 2011
    #17
  18. nospam

    Dave Doe Guest

    In article <>,
    , nospam says...
    >
    > On Tue, 3 May 2011 14:17:12 +1200, Dave Doe <> wrote:
    >
    > >
    > >You probably need to re-read what he said. Perhaps "upload" would have
    > >been a better word?

    >
    > You probably need to google "drive by download"
    >
    > >
    > >Short of it is, he's talking about Javascript - which runs locally on
    > >your computer. If you run Windows XP, then you are proabably (by
    > >default unless you've changed it) an administrator. So the Javascript
    > >is running in the same privilege.
    > >
    > >So say for example a hacker manages to cause your banking website to
    > >(effectively) include their malicious Javascript - and thereby get
    > >("drive-by download") your details.

    >
    > That's not a drive by download.


    And as said, I don't think that's what he really meant (I don't think
    it's the right term).

    --
    Duncan.
     
    Dave Doe, May 3, 2011
    #18
  19. nospam

    nospam Guest

    On Tue, 3 May 2011 14:51:39 +1200, Dave Doe <> wrote:

    >> >
    >> >So say for example a hacker manages to cause your banking website to
    >> >(effectively) include their malicious Javascript - and thereby get
    >> >("drive-by download") your details.

    >>
    >> That's not a drive by download.

    >
    >And as said, I don't think that's what he really meant (I don't think
    >it's the right term).


    I don't think you know enough to make any comment at all, let alone
    judge what someone else meant. In any case, I was quoting you, not
    him.
     
    nospam, May 3, 2011
    #19
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    0
    Views:
    646
  2. Replies:
    0
    Views:
    858
  3. S Claus
    Replies:
    0
    Views:
    534
    S Claus
    Jun 7, 2009
  4. Max Burke
    Replies:
    1
    Views:
    820
    Gordon
    Jul 11, 2009
  5. Replies:
    2
    Views:
    197
    Jeff Strickland
    Feb 3, 2014
Loading...

Share This Page