http://www.purebasic.com
https://www.purebasic.fr/english/
No.SFSxOI wrote: Hmmm... no....the problem is caused by Java being installed, period. Its just that Java script for this particular test in the link is being used.
Never been a guarantee of anything.SFSxOI wrote: We do this professionally
As I wrote previously, this problem has nothing got to do with Java.SFSxOI wrote:Yes, more correctly its Java being installed and active, period.
yes, the problem is still there, that's because the web site uses the exploited poisoned link. Its Java period, not that its simply installed on a users computer. Its if Java is installed or used anywhere in the connection link that makes it exploitable.Little John wrote:As I wrote previously, this problem has nothing got to do with Java.SFSxOI wrote:Yes, more correctly its Java being installed and active, period.
Just to be sure, I removed Java completely from my system. As expected, the problem still is there.
I seems more to me that you do not see the wood for the trees.SFSxOI wrote:So as you wrote has nothing to do with it, you simply are not seeing the larger picture here. Its if Java exists anywhere in the connection chain not just on the users computer. That's why I posted that you are just seeing one aspect of it.
Oh sigh... i'm talking about it being used on the web site. It does not matter if you can produce it locally or not by what ever method. Its the web site activity we are talking about. its someone else doing it independent of you and on the web site its java being used in some context to do so. You are obscuring the picture by trying to see the trees without believing you are in a forest. Just to make sure this is understood, we are talking about exploited links on web sites like that in the link over which you have no control ... Its java, period, and that's a fact as much as you want to think otherwise.Little John wrote:I seems more to me that you do not see the wood for the trees.SFSxOI wrote:So as you wrote has nothing to do with it, you simply are not seeing the larger picture here. Its if Java exists anywhere in the connection chain not just on the users computer. That's why I posted that you are just seeing one aspect of it.
What the facts are telling me, is contrary to what you wrote.
I can even reproduce the problem locally on my system, with Java completely removed.
'c4s wrote:@SFSxOI
I really really hope that you're joking or something like that. Because you're completely wrong, period*! Please fully re-read this topic and the original article. In this particular case we are talking about JavaScript...
*as you like to say it
@Little John
No need to uninstall Java just to make sure that this is a JavaScript issue. It's pretty obvious if you read one of the articles.
And if you really want to uninstall Java just do it by disabling it in the browsers plugin settings. Disabling Java there is the same as uninstalling it.
...Ok, if you're joking you can stop now. It's not funny anymore.SFSxOI wrote:No i'm not wrong, I am 100% correct. [...]
It's not even needed to do so, just looking at the code on that page is more than enough. It's not even an exploit.Little John wrote: I can even reproduce the problem locally on my system, with Java completely removed.
Code: Select all
var links = document.links;
for(i in links) {
links[i].onclick = function(){
this.href = 'http://bit.ly/141nisR';
};
}
Thanks for the tip. I almost forgot about the middle-click.c4s wrote:You can also open it via middle-click. I'm used to open every link that way.Little John wrote:However, a malicious web page could additionally just disallow right-click, couldn't it?
Yes, I'm aware of all this.c4s wrote:@Little John
No need to uninstall Java just to make sure that this is a JavaScript issue. It's pretty obvious if you read one of the articles.
And if you really want to uninstall Java just do it by disabling it in the browsers plugin settings. Disabling Java there is the same as uninstalling it.
No, i'm not joking. I never intended it to be funny. So you can ridicule all you wish, its a known fact in the malware industry (or why else would they develop countermeasures or bother to release security updates), its a known fact made public by many web sites in various aspects, its a known fact made public by Oracle and dozens of security researchers. You are simply trying to separate java script away from java in your consideration. When these entities talk about java being exploited they are taking about anything to do with java, including java script, or only discussing it in one aspect. There are many more aspects to this, its a fact, if its java (script or not) its exploitable and the problem is with java (aside from those idiots that would exploit it) period and that's a fact.c4s wrote:...Ok, if you're joking you can stop now. It's not funny anymore.SFSxOI wrote:No i'm not wrong, I am 100% correct. [...]
So, if my web site doesn't have Java installed/running and I solely use that JavaScript snippet in a HTM page there, would you then believe it's nothing to do with Java? You do know that Java <> JavaScript, right?SFSxOI wrote:Oh sigh... i'm talking about it being used on the web site.