Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Java Popup you Can't Stop

Posted by CmdrTaco on from the once-you-pop dept.

An anonymous reader writes "In his brand new hackademix.net blog, Giorgio Maone, known as the author of the NoScript security extension for Firefox, reveals how popup blockers can be easily circumvented using Java. Worse, popups opened this way are really evil, because they can be sized to cover the whole desktop (the wet dream of any phisher) and cannot be closed by user (the wet dream of any web advertiser). Impressive demos available, all cross-browser and cross-platform, in the best Java tradition: 'Write once, hack anywhere' "

4 of 480 comments (clear)

  1. Re:Obvious solution? by pla · · Score: 1, Troll

    Problem off course is that the avrage websurfer is unlikely to

    Fortunately, I don't give two shakes of a rat's derriere about the average websurfer. In fact, I prefer that they see a deluge of ads, because:
    1) It makes ads easier to block (advertisers only use blocker-circumvention methods when forced to);
    2) As people complain, ads will evolve into less obnoxious forms (such as the entirely palateable Google text-ads);
    3) Although I in no way feel guilty about "consuming" content voluntarily placed online for free, I won't claim ignorance that the "average websurfer" seeing all those ads helps fund many sites.



    a) know how to do it

    NoScript or QuickJava work just fine. With (as you suggest) the default as "off", of course. If people can't figure out how to click the "J" in a crossed-out circle, I have little sympathy.



    b) know what sites to trust.

    Oh, that one comes easy - "None of them". Unless I go to a page specifically for the purpose of running a java app hosted there, I simply don't turn it on. Ever. If a random page comes up with an unexpected complaint about my having Java disabled, I simply move on from that page, never giving it another thought.

  2. map of France by epine · · Score: 0, Troll

    Ah yes, the "hosts file" tweaker. Ever an important advertising demographic. It doesn't pay to piss people off who have any means of doing something about it. In all other cases, in inculcates learned helplessness, the wet-dream of pseudo-democracies everywhere. Can't uninstall or disable or live without Java? And the banks are involved? Ah yes, the wet-dream of monopolistic capitalism. Strange how many countries wake up on a map of France every morning.

  3. Only numbskulls browser with Java enabled by zgregoryg · · Score: 0, Troll

    Nuff said.

  4. Re:Don't spread this! by Lord+Flipper · · Score: 0, Troll

    The No-Script add-on will allow you to do something similar for Firefox (as per TFA).

    After using NoScript for well over a year, I finally dumped it this week. What a huge pain in the ass. The thing has inconsequential updates about every week.

    I use tons of Addons, and love them. They're the only reason I use Firefox, because the app itself is not meant for a Mac (and no, I don't even have Safari installed here, preferring Camino). And in Windows environment I use Opera.

    But seeing the author of NoScript getting pissy about 'somebody could write a script that takes over your screen"... What the fuck?

    This guy's Addon is the only one that I know of that forces its way into browser port focus after the restart following his fucking updates. What a hypocrite. Add a menu item link to a 'Release Notes' or whatever, Buttload. Shit. To hell with him and his pain in the ass Addon. If it gets too 'scary' out there I'll switch back to OmniWeb and use site-specific prefs. Meanwhile, I'll take my chances with javascript.