- <Nekro> So, as quick question, can someone exploit a weakly-defended site to exploit you?
- <Nekro> Or do the malicious site owners have to make an active effort to do it?
- <fancycakes> Wait
- <Nekro> I want to make a permanent exception for Tormail's Roundcube to allow JS for NoScript
- <fancycakes> Is it the use who's exploiting vulnerabilities, or is it the webmaster exploiting browser vulnerabilities?
- <fancycakes> *user
- <Nekro> webmaster
- <fancycakes> Um.
- <Nekro> Or user, for that matter. If he manages to somehow do something to the page
- <fancycakes> The Tor Project has said recently that banning JS with TBB is less secure/anonymous than having all JS allowed.
- <fancycakes> Having JS disabled is easier to associate with certain visitors than those who allow all JS.
- <Nekro> So it's actually [i]better[/i] to always have JS enabled?
- <Corsair> Profiling people based off of their JS status?
- <Nekro> Fail italics
- <fancycakes> It is better to have JS allowed.
- <Nekro> That's a total mindfuck
- <Corsair> agreed..
- <fancycakes> I should say it's more anonymous
- <fancycakes> You still should watch out for malicious JS.
- <Nekro> Until someone manages to exploit the JS into revealing your IP :P
- <Nekro> Can I throw this whole conversation up on a Pastebin for the future or no? Because this is a whole new revelation for me
- <Corsair> Still doesn't seem right
- * vorbidd (vorbidd@OnionNet) has joined #torchan
- <vorbidd> o/
- <Corsair> \o
- <fancycakes> The Tor Project released a blogpost about it.
- <Nekro> Huh, I'll look into it
Nekro Apr 7th, 2012 765 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
RAW Paste Data