Slashdot Mirror


The Java Popup you Can't Stop

An anonymous reader writes "In his brand new hackademix.net blog, Giorgio Maone, known as the author of the NoScript security extension for Firefox, reveals how popup blockers can be easily circumvented using Java. Worse, popups opened this way are really evil, because they can be sized to cover the whole desktop (the wet dream of any phisher) and cannot be closed by the user (the wet dream of any web advertiser). Impressive demos available, all cross-browser and cross-platform, in the best Java tradition: 'Write once, hack anywhere'"

26 of 480 comments

  1. Don't spread this! by LarsG · · Score: 5, Funny

    For the love of all that is holy, please don't promote this story to the /. frontpage. The less advertisers that are made aware of this the better.

    --
    If J.K.R wrote Windows: Puteulanus fenestra mortalis!
    1. Re:Don't spread this! by Anonymous Coward · · Score: 5, Funny

      NO WAY! Information is meant to be FREEEEEEEEEEEEEEEEEEE! YOU should keep your mouth shut, you fascist pig! I bet you voted for Bush!

    2. Re:Don't spread this! by LarsG · · Score: 4, Funny

      Information wants to be anthropomorphised and all that, but I'd still prefer this one to stay below the main stream media radar until Sun can get a fix out.

      As for voting Bush. Since I'm not a US citizen, that would require use of the password '12345678'.

      --
      If J.K.R wrote Windows: Puteulanus fenestra mortalis!
    3. Re:Don't spread this! by Anonymous Coward · · Score: 3, Funny

      Eh don't worry, by the time the Java Virtual Machine loads up, you'll probably be doing something else. It should make for a good screensaver though!

    4. Re:Don't spread this! by networkBoy · · Score: 3, Funny

      True enough, but one should only allow active content such as Java on sites one explicitly trusts (like a bank).
      Sadly, most are not as aware and leave their browsers in "whore mode".
      -nB

      --
      whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
    5. Re:Don't spread this! by BorgCopyeditor · · Score: 3, Funny

      You mean their browsers will pretend to open each page the user pays for?

      --
      Shop as usual. And avoid panic buying.
    6. Re:Don't spread this! by jank1887 · · Score: 4, Funny

      hey, we all know any exploit can be fixed in 10 f-ing days!!!

    7. Re:Don't spread this! by polymath69 · · Score: 5, Funny

      I'd much prefer they filter malicious scripting,

      The ghost of the Entscheidungsproblem descends, with malice in its eyes.

      *smack* Oof.

      You are dealt 2501 hit points of damage.

      Hint: there is no way to programmatically determine whether a given program is malicious or not, for any sufficiently interesting system.

      --
      I don't want to rule the world... I just want to be in charge of mayonnaise.
  2. Who'd have thought it? by nagora · · Score: 3, Funny

    There are people who still browse with java switched on?! That is SO 1990's.

    --
    "Encyclopedia" is to "Wikipedia" what "Library" is to "Some people at a bus stop"
    1. Re:Who'd have thought it? by amigabill · · Score: 5, Funny

      There are people who still browse with java switched on?! That is SO 1990's.

      Didn't you read the headline? You can't stop these things. Heck, the demo popped up an unkillable window on my AmigaOS box, and no JVM even exists for that...

    2. Re:Who'd have thought it? by Anonymous Coward · · Score: 3, Funny

      Wow you can run Java even without a JVM??

      I had no idea Java was so powerful.

  3. so how do i know by circletimessquare · · Score: 5, Funny

    this is a real slashdot article, and not some clever cross site full screen javascript faux article out to steal my cookies, hmmm? if i hit submit i might-

    oh shit

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  4. DOOMED by voraistos · · Score: 1, Funny

    Now we all are doomed. And with the new Sun CPU, advertisers can display ads at an even higher frequency now.

  5. Don't worry, I'll turn off the lights on my way out by smallstepforman · · Score: 2, Funny

    No need to worry folks, us handful of BeOS users will switch off the lights and the internet on our way out, since we'll be the last ones to leave. Every now and then I'm actually relieved to be running a non mainstream OS.

    --
    Revolution = Evolution
  6. This will lead to by alexj33 · · Score: 2, Funny

    This Java discovery will lead to the following:

    1. Java Popups 1.0

    2. Java Popups on Struts

    3. Java Popups 1.1. (Not compatible with 1.0 or struts, needs a patch to SunOS to work)

    4. JPEE. (Java Popups, Enterprise Edition- Not compatible with 1.1)

    5. Java Popups for Mobile Devices.

    6. Java Popups for Mobile Devices, Enterprise Edition.

    HA, and you thought that Java was going to make this easy for Phishers and Advertizers.

  7. Re:NoScript, but they don't work by Professor_UNIX · · Score: 4, Funny

    This demo didn't work on my iPhone either. Just another reason to use the Superior JesusPhone over standard web technologies... no annoying Java, Flash, or third party apps to exploit!

  8. Obligatory Linux Elitism by ticklejw · · Score: 4, Funny

    "Worse, popups opened this way are really evil, because they can be sized to cover the whole desktop and cannot be closed by user"

    Thing #397 That You Can Do In Linux But Can't In Other Popular Desktop OS's:

    1. Ctrl+Alt+F1
    2. Log In
    3. missile-launch -f --target-from-process java
    4. killall java
    4a. killall firefox-bin (if necessary)

    Actually this story is strangely coincidental; just a few minutes ago, I was trying to show a coworker a cool graphical demo of different sorting algorithm efficiencies, but I didn't have the Java plugin installed. Still don't.

    --
    "Software is like sex; it's better when it's free." -Linus Torvalds
  9. Popups, Wet Dreams... by Chineseyes · · Score: 2, Funny

    Popups, Wet Dreams, and no napkins. What a mess.

    --
    I think the invisible hand of the market has its middle finger extended

    --A wise old fart named SC0RN
  10. Lovely by dgun · · Score: 5, Funny

    The one sure way to endear me to a product and cause me to whip out my credit card is to pop up a window over my entire screen that I cannot remove. This type of "in your face" advertising is exactly what reluctant consumers like myself need.

    --
    FAQs are evil.
  11. Re:and the wet dream of any victim by mgblst · · Score: 2, Funny

    Two words: Gerald Ratner


    Who?

     
    Exactly!
  12. pfft by porkThreeWays · · Score: 3, Funny

    Pringles has been doing this for years. They are the original pop you can't stop

    --
    If an officer ever threatens to taze you, say you have a pacemaker.
  13. don't be dense by the_skywise · · Score: 3, Funny

    When you pop Pringles you get chips... not cookies.

  14. Re:and the wet dream of any victim by foniksonik · · Score: 2, Funny

    Yes... let's disable PHP, JSP, Ruby, Python, ASP and all those other evil scripting languages. OH you meant Browser Scripting languages?

    OK then, let's disable multi-level menus, client side form validation, any sort of calculator, date pickers, multi-dimensional form inputs (where one choice branches the rest of the form), tree-menus, AJAX (which does have its uses), font-size controllers, style switchers and all the other UI elements that make web sites even remotely usable.

    Let's just do away with Gmail and all other Google apps, Netvibes and all other personal portals, any instant feedback you might get on a social site, no more firehose for /. and any number of useful tools out there that need client side scripting to even be feasible.

    Down with scripting, long live dumb content.

    --
    A fool throws a stone into a well and a thousand sages can not remove it.
  15. Re:Why? by neersign · · Score: 2, Funny

    screen on, apply directly to the computer screen...

  16. Re:Can't even switch Workspaces by Aetuneo · · Score: 2, Funny

    It completely covered both of my monitors, but, luckily, I've got Firefox (and pretty much everything else) set up to crash whenever I switch desktops. A feature which finally has a use! (And then I disabled Java, which completely fixed the issue).

    --
    Everything is subjective.
  17. Re:Why I love IE by Anonymous Coward · · Score: 1, Funny

    You fail the Internet.