[Dshield] Bushe's recent visit to the NSA... Is this website safe to view?
jayjwa at atr2.ath.cx
Mon Feb 6 22:43:15 GMT 2006
On Sun, 5 Feb 2006, Bjørn Ruberg wrote:
-> > Is this website safe to view? I don't know much about this, but my
-> > understanding is that websites that have malformed code could possible
-> > download a virus or worm onto my computer if I viewed it or clicked on some
-> > link on it.
-> Jokes aside, it's perfectly all right to be skeptical of HTML code.
It's (usually ) not the HTML markup that gets'em, it's all that scripting
#@!$% they embed inside of it that does the nasty deeds. Try running around
The other day I forgot and left JS turned on. When at a site I'm used to
visiting, I thought to myself, that's funny, I remember I used to see at the
bottom of the browser where the link was actually going (the target), now it
refreshed, and the display came back on.
I often wonder how many of the web browser-based exploits out there in the
wild depend on the victim running JS or another scripting language, I'd love
to see the percent figure on that.
-> Microsoft now and then suggests that HTML code should be viewed with a
-> plain-text editor instead of Internet Explorer.
Now that is the ultimate in contradiction: eg, we make this great web
browsers, but ummm... just don't use it to view HTML ;)
 IFRAME comes to mind, but that was app-specific.
More information about the list