Slashdot Mirror


The Java Popup you Can't Stop

An anonymous reader writes "In his brand new hackademix.net blog, Giorgio Maone, known as the author of the NoScript security extension for Firefox, reveals how popup blockers can be easily circumvented using Java. Worse, popups opened this way are really evil, because they can be sized to cover the whole desktop (the wet dream of any phisher) and cannot be closed by the user (the wet dream of any web advertiser). Impressive demos available, all cross-browser and cross-platform, in the best Java tradition: 'Write once, hack anywhere'"

17 of 480 comments

  1. Don't spread this! by LarsG · · Score: 5, Funny

    For the love of all that is holy, please don't promote this story to the /. frontpage. The less advertisers that are made aware of this the better.

    --
    If J.K.R wrote Windows: Puteulanus fenestra mortalis!
    1. Re:Don't spread this! by Anonymous Coward · · Score: 5, Funny

      NO WAY! Information is meant to be FREEEEEEEEEEEEEEEEEEE! YOU should keep your mouth shut, you fascist pig! I bet you voted for Bush!

    2. Re:Don't spread this! by LarsG · · Score: 4, Funny

      Information wants to be anthropomorphised and all that, but I'd still prefer this one to stay below the main stream media radar until Sun can get a fix out.

      As for voting Bush. Since I'm not a US citizen, that would require use of the password '12345678'.

      --
      If J.K.R wrote Windows: Puteulanus fenestra mortalis!
    3. Re:Don't spread this! by Anonymous Coward · · Score: 3, Funny

      Eh don't worry, by the time the Java Virtual Machine loads up, you'll probably be doing something else. It should make for a good screensaver though!

    4. Re:Don't spread this! by networkBoy · · Score: 3, Funny

      True enough, but one should only allow active content such as Java on sites one explicitly trusts (like a bank).
      Sadly, most are not as aware and leave their browsers in "whore mode".
      -nB

      --
      whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
    5. Re:Don't spread this! by BorgCopyeditor · · Score: 3, Funny

      You mean their browsers will pretend to open each page the user pays for?

      --
      Shop as usual. And avoid panic buying.
    6. Re:Don't spread this! by jank1887 · · Score: 4, Funny

      hey, we all know any exploit can be fixed in 10 f-ing days!!!

    7. Re:Don't spread this! by polymath69 · · Score: 5, Funny

      I'd much prefer they filter malicious scripting,

      The ghost of the Entscheidungsproblem descends, with malice in its eyes.

      *smack* Oof.

      You are dealt 2501 hit points of damage.

      Hint: there is no way to programmatically determine whether a given program is malicious or not, for any sufficiently interesting system.

      --
      I don't want to rule the world... I just want to be in charge of mayonnaise.
  2. Who'd have thought it? by nagora · · Score: 3, Funny

    There are people who still browse with java switched on?! That is SO 1990's.

    --
    "Encyclopedia" is to "Wikipedia" what "Library" is to "Some people at a bus stop"
    1. Re:Who'd have thought it? by amigabill · · Score: 5, Funny

      There are people who still browse with java switched on?! That is SO 1990's.

      Didn't you read the headline? You can't stop these things. Heck, the demo popped up an unkillable window on my AmigaOS box, and no JVM even exists for that...

    2. Re:Who'd have thought it? by Anonymous Coward · · Score: 3, Funny

      Wow you can run Java even without a JVM??

      I had no idea Java was so powerful.

  3. so how do i know by circletimessquare · · Score: 5, Funny

    this is a real slashdot article, and not some clever cross site full screen javascript faux article out to steal my cookies, hmmm? if i hit submit i might-

    oh shit

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  4. Re:NoScript, but they don't work by Professor_UNIX · · Score: 4, Funny

    This demo didn't work on my iPhone either. Just another reason to use the Superior JesusPhone over standard web technologies... no annoying Java, Flash, or third party apps to exploit!

  5. Obligatory Linux Elitism by ticklejw · · Score: 4, Funny

    "Worse, popups opened this way are really evil, because they can be sized to cover the whole desktop and cannot be closed by the user"

    Thing #397 That You Can Do In Linux But Can't In Other Popular Desktop OS's:

    1. Ctrl+Alt+F1
    2. Log In
    3. missile-launch -f --target-from-process java
    4. killall java
    4a. killall firefox-bin (if necessary)

    Actually this story is strangely coincidental; just a few minutes ago, I was trying to show a coworker a cool graphical demo of different sorting algorithm efficiencies, but I didn't have the Java plugin installed. Still don't.

    --
    "Software is like sex; it's better when it's free." -Linus Torvalds
  6. Lovely by dgun · · Score: 5, Funny

    The one sure way to endear me to a product and cause me to whip out my credit card is to pop up a window over my entire screen that I cannot remove. This type of "in your face" advertising is exactly what reluctant consumers like myself need.

    --
    FAQs are evil.
  7. pfft by porkThreeWays · · Score: 3, Funny

    Pringles has been doing this for years. They are the original pop you can't stop

    --
    If an officer ever threatens to taze you, say you have a pacemaker.
  8. don't be dense by the_skywise · · Score: 3, Funny

    When you pop Pringles you get chips... not cookies.