David

Thanks for that.  I have done a little research and I am not sure that all of the things you mention are as risky as you suggest.  The OS you are using does make a difference, as I understand it, because the JS exploit will be downloading the malicious executable from a web site rather than actually carrying out the exploit itself.  Also, the malicious JS will need to exploit a browser vulnerability - so if you keep you browser up to date there should not be much risk; the malware writers find the vulnerabilities from the browser authors when they plug the holes and issue and update.

Anyway, this is off topic really, I apologise and you're right there is a risk.  But I am happy to continue with JavaScript enabled on my computers.

Tony

On 1 October 2011 20:44, david <gnome@hawaii.rr.com> wrote:
Your OS makes no difference: malicious Javascript uses the browser as its platform, not the OS.

It's possible to Javascript to turn your browser session into a bot; it's possible to use Javascript to probe networks hidden behind routers and firewalls, identify targets and route target-specific attacks to those targets; it's possible for Javascript to capture login IDs and passwords.

It's possible to use Javascript to track what sites you go to and what you do there - which is why Google says its OK to run Javascript. Their Google Analytics tool requires Javascript. So if someone has Javascript turned off, Google doesn't get any tracking information to use and sell to their paying customers.

There's no need to require Javascript for site navigation.

Tony Austin wrote:
Is JavaScript so bad?  Why turn it off?  I am happy to have it on all the time and the worries are much less under Linux.  It's not Java or ActiveX after all.

On 1 October 2011 10:34, Arve Barsnes wrote:


   On 1 October 2011 08:53, Lorenzo Sutton wrote:
    > On 10/01/2011 04:14 AM, Ken Restivo wrote:
    >>
    >> On Sat, Oct 01, 2011 at 03:00:02AM +0200, Peter Crighton wrote:
    >>>
    >>> Hello list,
    >>> I just wanted to let you know that I started a new blog about
    >>> Recording on Linux: http://linux-recording.blogspot.com/
    >>> The first entry (well, not counting the introduction here) is about
    >>> using the Analogue Drums Big Mono drumkit with Hydrogen. Let me
   know
    >>> what you think about the blog, any constructive criticism is much
    >>> appreciated!
    >>>
    >>
    >> *sigh*, Google, doesn't anyone use HTML anymore?
    >>
    >> This is what that website looks like with JavaScript turned off:
    >>
    >> http://storage.restivo.org/misc/blogger.jpg
    >>
    >> I'm sure it's a fantastic blog, but, I dunno what Google has
   done to it.
    >
    > If truth be told it seems a problem with this particular blog
   (which by the
    > way seems a very cool idea ;) - other blogspot blogs seem to work
   with
    > JavaScript turned off.
    >
    > I'm not a blogger user so I'm not sure what google puts in when
   you create a
    > blog and what it leaves to the user. Maybe, the massive use of
   JavaScript
    > comes in for recently created ones?
    >
    > That said. Yes it seems that google is pushing more and more for
   the use of
    > JavaScript see e.g.
    >
   http://googlesystem.blogspot.com/2007/05/no-javascript-no-google-navigation.html
    >
   It seems that, without allowing javascript from blogblog.com
   <http://blogblog.com> this

   particular blog doesn't work at all. Is that also owned by Google?

   Arve

--
David
gnome@hawaii.rr.com
authenticity, honesty, community

_______________________________________________
Linux-audio-user mailing list
Linux-audio-user@lists.linuxaudio.org
http://lists.linuxaudio.org/listinfo/linux-audio-user