Text 43102, 72 rader
Skriven 2008-02-12 13:10:17 av Jeff Bowman (1:229/500)
  Kommentar till text 43086 av Jean Parrot (1:123/140)
Ärende: Re: Surf.
=================
> Hello  Jeff B, nice chatting with you. !
 
> Fantastic article, Jeff B. I would like to know more about you
> as you have not populated this echo recently, can I put faith in
> your writing ?
 
 
Hiya!  It's true, I haven't been here for very long at all.  I just got a
Fidonet feed about a week or so ago.  I haven't participated in it for many
years.  It's fun to be back again.  
I'm glad you consider my postings as an article, because I tend to look at such
things I say almost as rants.  lol.  I have my opinions of various such things
and tend to share them, hopefully doing so without sounding rude. Luckily this
seems like a smart group of folks left here, and I'm perfectly fine with
someone telling me I'm wrong or lacking some info or just to disagree in
general rather than some of the more typical "STFU LINUX ROX M$ SUX!!1" sorts
of responses one might see out there.
 
I believe my interest in internet security started a few years ago after I
discovered a "feature" in IE's clipboard javascript routines. I got bounced to
a trick website once, one which tries to open lots of windows while playing
loud music and such. It was funny, albeit annoying, but I was curious of how it
worked. When I viewed the source code, I saw notice of something about the
clipboard.  I knew a fair amount of HTML and had a good enough understanding of
basic javascript from work I had been doing for someone to realize that it
looked like they were grabbing the clipboard buffer, and then sending it back
to their own server. I was taken aback, to be honest, that such a thing was
possible. Just think for a moment the kinds of things you might store on the
clipboard.  Maybe names, addresses, passwords, or possibly even bank info.
 
I then went and researched the Javascript clipboard interface for IE that they
were using to do it, and implemented my own version. Sure enough, I was able to
steal my own clipboard and pass it back to my server, or anyone elses that I
had to load the page in IE for them to see as well.  They were a bit surprised
too.
 
It's worth pointing out that, at the time, I was using Avant, which is one of
those web browser shells that still uses IE for rendering. It was actually more
secure than IE in a few ways, and helped prevent adware/spyware by not
launching BHOs (browser helper objects), which was almost always how those
nasty things would stay in your system (and still is to a large degree). It
also allowed tabbed browsing and such, and other handy features. I donated to
the guy once even because it was such a good product.  Anyway, I digress. I
think it was practically the next day that I switched to Firefox. The clipboard
thing was just it for me.  I saw no useful implementation for the clipboard
functionality they had included, and still include to this day. Since then,
there's an option to either prompt you or to entirely disable this
functionality if you dig through IE's security permissions.  But by default,
I'm almost positive that it's still on.  I personally keep mine set to prompt
me, just so that I can tell if somebody's trying it!
 
I pretty much kept up with security issues with browsers from then on,
branching out into whatever else interested me on the subject. Firefox and
Mozilla Corp. eventually seemed no better than Microsoft in a lot of ways to
me, particularly after I personally attempted to see just how easy it was to
exploit one of the buffer overflows that was available at a particular time. It
didn't take much code before I was able to trigger a hidden remote command
prompt window to pop up, just by having the browser view a bad web page I
wrote.  Firefox had been getting lots of these buffer overflows (and still
does), so combined with other misc bugs, like losing my bookmarks and settings
a couple times, I had enough of it too, and went to Opera. So far, they haven't
let me down. But if they do, I don't see anywhere else to go but to like Lynx.
lol.
 
So yeah, probably a bit more rambling of a response than intended, but my
interest in security comes from personal experience. I like to see how people
do these things, and then let friends know what should be kept up to date or
avoided.  I don't actually work in the field or anything, even though it might
be kind of interesting to do.  I'm just a geek, I guess!

--- D'Bridge 2.95
 * Origin: FyBBS (1:229/500)