The Java Popup you Can't Stop

An anonymous reader writes "In his brand new hackademix.net blog, Giorgio Maone, known as the author of the NoScript security extension for Firefox, reveals how popup blockers can be easily circumvented using Java. Worse, popups opened this way are really evil, because they can be sized to cover the whole desktop (the wet dream of any phisher) and cannot be closed by user (the wet dream of any web advertiser). Impressive demos available, all cross-browser and cross-platform, in the best Java tradition: 'Write once, hack anywhere' "

Re:Obvious solution?

[pla]

Problem off course is that the avrage websurfer is unlikely to

Fortunately, I don't give two shakes of a rat's derriere about the average websurfer. In fact, I prefer that they see a deluge of ads, because:
1) It makes ads easier to block (advertisers only use blocker-circumvention methods when forced to);
2) As people complain, ads will evolve into less obnoxious forms (such as the entirely palateable Google text-ads);
3) Although I in no way feel guilty about "consuming" content voluntarily placed online for free, I won't claim ignorance that the "average websurfer" seeing all those ads helps fund many sites.



a) know how to do it

NoScript or QuickJava work just fine. With (as you suggest) the default as "off", of course. If people can't figure out how to click the "J" in a crossed-out circle, I have little sympathy.



b) know what sites to trust.

Oh, that one comes easy - "None of them". Unless I go to a page specifically for the purpose of running a java app hosted there, I simply don't turn it on. Ever. If a random page comes up with an unexpected complaint about my having Java disabled, I simply move on from that page, never giving it another thought.