SoylentNews is people

posted by chromas on Thursday May 03 2018, @09:50PM
from the running-windows—I-mean-javascript—I-mean-malware dept.

From The Daily Swig:

A serious vulnerability in the latest version of Microsoft Edge [a Windows web browser ed] enables attackers to spoof URLs with just five lines of code. The flaw, discovered by Argentine researcher Manuel Caballero, can make a malicious website appear to be legitimate through the use of the Stop() command, which interrupts the page loading process. With the target URL still appearing in the address bar, the document.write() JavaScript command can then be used to overwrite the contents of the page.

[...] With this bug, probably the only truly safe way to reach any website using Edge is to open a new tab and type the URL by hand, or access it through your bookmarks.

This vulnerability appeared in a recent "security" update from Microsoft; users of Edge might want to investigate what version they are using.


  • (Score: 4, Insightful) by bob_super on Friday May 04 2018, @01:14AM (6 children)

    by bob_super (1357) on Friday May 04 2018, @01:14AM (#675409)

    Why not nit-pick?
    The responsibility of delivering clean code without nasty tag-alongs should be legally enforced on the website you visit.
    Right now, people just grab executable code left and right to build their site, security is a friggin nightmare, and the place you thought you visited is never responsible when bad things happen.

    Real-world commercial insurance covers your ass when some third-party screws up while you are in a store (the store is responsible when the A/C conduit crushes you, then sues the contractor who installed it). Online? You're on my site, but yeah, not really, you see, because it's not my fault that someone injected malware in the ad trackers, and I can't do anything about it, you see...

  • (Score: 0) by Anonymous Coward on Friday May 04 2018, @01:28AM (1 child)

    by Anonymous Coward on Friday May 04 2018, @01:28AM (#675414)
    Why not nit-pick? Because that's not what this story is about, and you're straying very far from the terrible security implications of the Edge bug. The security of third-party sites is a whole other problem.
    • (Score: 3, Insightful) by requerdanos on Friday May 04 2018, @02:30AM

      by requerdanos (5997) Subscriber Badge on Friday May 04 2018, @02:30AM (#675443) Journal

      Why not nit-pick? Because that's not what this story is about

      Yeah, that's what this story is about. Nit-picking over whether you are "on a website" or "looking at data loaded from somewhere linked by a script loaded from the website."

      Given that many websites aren't "sites" so much as an agglomeration of scripts from dozens of servers each with its own tracking and misfeatures, this is a very, very fine distinction indeed.

  • (Score: 1, Troll) by realDonaldTrump on Friday May 04 2018, @04:31AM (2 children)

    by realDonaldTrump (6614) on Friday May 04 2018, @04:31AM (#675498) Homepage Journal

    We have to see Bill Gates and a lot of different people that really understand what's happening. We have to talk to them about, maybe in certain areas, closing that Internet up in some ways. Somebody will say, "oh, freedom of speech, freedom of speech." These are foolish people!!

    • (Score: 1, Interesting) by Anonymous Coward on Friday May 04 2018, @08:05AM (1 child)

      by Anonymous Coward on Friday May 04 2018, @08:05AM (#675541)

      I don't think even Bill Gates knows what is happening anymore. Actually, I don't think *anyone* does.

      It's become that big elephant that a lot of blind people are trying to describe... and all this "intellectual property" law regarding obfuscation and ignorance of how things work isn't helping one iota. Ignorance of how biology works does not help one iota for having a populace resilient to spreading of diseases.... nor does all this ignorance of how our technology works make our computational infrastructure resilient to outside attack from those who do not obey our "ignorance mandates by Congress".

      But yet I realize how important our ignorance is for someone who wants to force-feed us ads, knowing we can't do anything about it.

      And it's also very important to have an ignorant populace if you want to hack into our power grids, elections, traffic control, commerce, banking, whatever.

      To keep our population dumbed down requires a concerted effort by those empowered to craft law to keep knowledge away from the populace, so that those not under forced obeyance of that law can have the upper hand. Yes. Passed by the Congress of the United States of America.

      It's gonna be interesting if they keep poking at China, and China decides to stand up, then we find a lot of our technology suddenly stops working - and no one knows why - as mandated by LAW passed by our own Congress.

      It's simply not apparent to me that our Congress has much concern for the technical literacy of its populace, and wants us to know just enough to know how to buy stuff and listen to ads, while very few people, many outside the jurisdiction of our Congress, know the inner details of how the stuff works.

      I see the Linux die-hards here being the last vestige of "do-er ship" outside of giant multinational corporations that hold no allegiance ( other than whoreship to the US Dollar - as long as the bankers are backing it ) to the United States.

  • (Score: 2) by All Your Lawn Are Belong To Us on Friday May 04 2018, @01:44PM

    by All Your Lawn Are Belong To Us (6553) on Friday May 04 2018, @01:44PM (#675643) Journal

    I think you're right, bob_super. It opens up a disconnect just a little for whom you consider "responsible" when you go to a website and are served something you didn't want (like malware, malvertising, whatever.) Who is responsible? When third-party ad services do it, the URL owner will happily point the finger.

    To me, "what website am I on," is tantamount to saying, "Whom can I take action against, legal or otherwise, for what is being displayed to me?" And it wouldn't surprise me when there are cases when that is not the registrant of the address showing in my bar. It would be nice if there was a common-sense layer that let the address bar be solely responsible, but I fear that way lies SOSTA etc.

    --
    This sig for rent.