PC World Malicious HTML In E-Mail Increases: Defense "Turn Off"?
Sep 27, 2010
This article was just published on [URL].. As I read it this is about a new twist to an old issue. (see excerpts below) 1 - I thought JavaScript was in a "sandbox" and prevented inappropriate access to the local machine. Is this no longer true?
2 - More to the point: Can or are any modifications to JavaScript be done by the JavaScript development team... who ever that is (Oracle?)... to fix what ever JavaScript vulnerabilities are being exploited?
3 - Are there other defenses for the client machine other than those mentioned in the excerpt below? (Turn off JavaScript in their browsers, etc.) 4 - If there is no vigorous response to this by the JavaScript development team how can we continue to create apps with JavaScript as such will encourage people to simply turn off java script in their browsers and that will encourage other web developers to simply not use JavaScript on their sites.
5 - Is Oracle the "owner" or "keeper" of javascript? I looked on the Oracle Forums and saw no forum for javascript. If not Oracle who is addressing issues like these?
Article Excerpts: More recently still, the spammers started embedding the JavaScript inside the HTML file (rather than as a simple file attachment), to spread the horrible Zeus banking Trojan.
"So yes, a seemingly innocent HTML email attachment can do plenty of damage, and while quite stealthy, definitely not harmless," concludes Barracuda Labs' researcher, Dave Michmerhuizen. The only defenses against this sort of attack are either for it to be filtered at the gateway so it never reaches the user, or for the user to disable JavaScript in their browser. Security software on the PC might catch the exploit.End Excerpt.
how to adjust the iframe height by itself if my html height increases. My html code includes a facebook comment at the bottom of my page and the comment will show making it expand the height once users post comments. On the other hand, I'm using a CMS that have its own iframe. I've tried many solutions that can be found on the web but none works. It only can work if I don't put in CMS. Is it possible to adjust the iframe height using CMS or there is no way?
What I want to do is somehow get my browser version through javascript:
Code:
var browse = navigator.appName; and then mail that to myself. I can't figure out how to get that variable into php so I can email. I'm aware of the difference between client/server side, so I need to know how I could POST the value to another page or something.
I've seen examples of how to turn xml into html, but how can I make the html output clickable so as to be able to access the corresponding original xml element (to read its attribute values)?
I am creating a cookie that increases a "value" or "integer" by 1 (ie Y+1) every time any page inside my webpage. Any webpage that i put the code into. right now I need it so that when you visit a page with the code it increases the variable or "cookie" (Y) by 1. when Y reaches a certain number, I.E 10, it resets Y to "0" and redirects you to a URL. Please explain where each value would go in any replies. EX: when opening the menu of an iPod game it asks you to rate the game, saying remind me later resets the value to "0" and saying rate now, resets to "0" but does not keep counting on the next page. [Code] .....
I have this case:1) A #box that works as a container, it has overflow:hidden and position:relative.2) A #dynamic div that is inside of the #box, it has a padding:0 that gives it a height greater than its parent, it has position:absolute3) Inside the #dynamic div there are a random quantity of divs with the class of .item. There are two anchors, one anchor when clicked increases the top position of the #dynamic by 100px, the other anchor does the opposite.This is the code I tried:The problem with my code, is that when the anchor is clicked it only changes to 100px the value of the top position, instead of increasing its value by 100px each time it is clicked.By the way, the #dynamic div must always be in sight within #box, to prevent that many clicks send too far the position of the #dynamic. Making a big hole in the design.
I have a bit of coding that is keeping me up at nights because of it's damn stubborness. All I want to do is pop-up an Alert that says Hello World.
I'm new to coding period so I'm writing verbatim dummies javascript book examples.
Here is the code for the script:
Okay I've done this code , and variations and only have ended up with the same message in firefox "syntax error""quirks mode".In IE 8 I get messages to cryptic to understand.
So what gives? Where is my error in syntax?The code makes sense to me, and I'm following XHTML conventions.:
AIUI, it was not all that long ago when the threat to personal users, was attachments that when executed compromised machines with keyloggers, trojans, etc.
Now it seems that the big problem is reading a webpage or an HTML e-mail and getting affected through the scripting. My understanding is that the script downloads the malicious program from the web and sets it to run on start up through the start-up folder or in the registry.
I don't know much about this; can someone suggest a good web site to start learning a bit more about these threats. I have googled, but I am not quire sure of the best search terms, and since there is so much information out there, a site that experienced people endorse would be a lot of help.
In particular, it seems as if JavaScript dowloading a trojran without the user clicking an attachment is a big problem.
I have a website that allows users to enter complex mathematical formulas into a text field and evaluates them.
I am currently using eval() because it not only can handle all the standard mathematical functions, but also gives them access to the Math object. That way the users can use functions such as Math.max() and everything else.
I realize, though, that using eval is evil, I assume because a malicious user might throw in some more damaging javascript that would be run without checking it. (That's why eval is evil, right?)
Is there a way that I can allow my users to construct complex mathematical formulas and use the Math object (or an equivalent) without potentially opening my site up to harm?
So today I have discovered some malicious JavaScript code inserted into a bunch of my pages on a webserver. Access to these pages through FTP is granted to 3 people, myself, my boss, and a contract programmer. Unfortunately, the FTP server wasn't set to log, so I can't tell for sure if it was the programmer, but my assumption and suspicion is that it was him.
This code was inserted at the bottom of multiple pages. I can't make heads or tails of it, but it cannot be good, whatever it is. When I view the page that it was on, I noticed the web browser connecting to [url]. Browsing to this page takes you to some foreign hosting site. Googling superseasilver.ru only provides a page that has this address listed in a blacklist.
Can a plugin stop some malicious scripts to be executed?
Say, i have my plugin installed in my browser. Can this plugin go through the html contet of the site and stop the execution of activeX, action scripts, flash, pdf anything like that?
You see I'm trying to change an event like I'd change a property. The first will change the text to hello. I'd like the second to change the onmouseover event to display a hello world alert... but it doesn't seem to do anything.
In this program my basic intention is that as soon as the page loads, an alertbox will be called displaying the ALT value of image.
<!DOCTYPE html PUBLIC
This is my test page.
It doesn't work. When i used plain javascript alert function in body tag with onload event, it worked well.
This (code) implementation just shows the text in strong tag and the image. There is no messagebox displaying the alt message. Please tell me where I'm wrong. I've already downloaded the jQuery library and it lies in the same folder as this code.
Is there a script that would ensure that I can compose an email complete with address, subject line and some body text that will indeed work with gmail, hotmail and so on please?
I'm would like my app to send a preformatted email(with subject and body) everytime a user pushed a button, like : onclick " mailto:this@that.com" , without the user seeing anything, i.e. not being able to edit the message.
Using php, this is very simple; mail("this@example.com", "Subject", "Line 1 Line 2 Line 3");
is there a way to do this the same, easy way using javascript?
I am having trouble sending a mail using jQuery and PHP.
The problem is that I don't receive the email which is supposed to be send after clicking the send button. (no really)
Firebug and webdevelopment console in firefox 5 does not give an error anywhere.
I think it is in my PHP file, since after the ajax post in jQuery, it does execute the success function, so I guess that it does reach the php page. code...
// checks if the e-mail address is valid var emailPat = /^(".*"|[A-Za-z]w*)@([d{1,3}(.d{1,3}){3}]|[A-Za-z]w*(.[A-Za-z]w*)+)$/; var matchArray = formSignup.txtEmail.value.match(emailPat); if (matchArray == null) [Code]...
What i noticed today, is if a customer registers with an e-mail like: something.something@hotmail.com the first dot throws up the error, i'm not to great on regex
Pardon me for asking a basic question. I basically need a pointer to an example or ways to learn this -- including an editor I should use for scripting. I would like to do the following:
Divide a window into 3 panes; Display & manage messages in one pane; Each message has a unique subject line; Each message can be opened or deleted or forwarded.
Is there a simple code that I can use in my form that will get the e mail address from the person and send them an e mail? i have the part where they enter the e mail address. I just don't know where to go from there in the javascript. Any clue??
