Google Goes On Offensive vs. JavaScript Attacks

← Back to Stories (view on slashdot.org)

Google Goes On Offensive vs. JavaScript Attacks

Posted by CmdrTaco on Tuesday July 20, 2010 @04:27AM from the isn't-most-javascript-offensive dept.

alphadogg writes "Google's e-mail security team has updated its Postini engine to stop a new type of JavaScript attack that helped fuel a rise in spam volume in recent months. Google says it has seen a surge in obfuscated JavaScript attacks, describing them as a hybrid between virus and spam messages. The e-mails are designed to look like legitimate messages, specifically Non Delivery Report messages, but contain hidden JavaScript. 'In some cases, the message may have forwarded the user's browser to a pharma site or tried to download something unexpected,' Google said in its official blog."

8 of 108 comments (clear)

Min score:

Reason:

Sort:

JS in email text? by mapkinase · 2010-07-20 04:30 · Score: 4, Insightful

User should just have an option to execute or not JS in the email text. Problem solved.

--
I do not believe in karma. "Funny"=-6. Do good and forbid evil. Yours, Oft-Offtopic Flamebaiting Troll.
1. Re:JS in email text? by yincrash · 2010-07-20 04:35 · Score: 4, Insightful
  
  What legitimate reason is there to accept JS? Your friend isn't going to send you javascript, and a mailing list that uses HTML still has to cater to as many clients as possible which means they still use tables for layout.
Who the F*** has javascript turned on their mail? by mark-t · 2010-07-20 04:41 · Score: 3, Insightful

Like, wow... just wow.
I'd say that people that stupid deserve whatever they get, except that they are likely to do damage to other systems than their own.
So here's a quick question, who on earth thought it would be a good idea to even *allow* javascript to run in an email?

--
File under 'M' for 'Manic ranting'
Re:Who the F*** has javascript turned on their mai by Wiarumas · 2010-07-20 04:49 · Score: 2, Insightful

I'd assume a vast majority of people don't even know what javascript is let alone why it is potentially dangerous. Sometimes you have to consider your users - which sometimes means you have to consider the ignorant, non-technical masses (ie: email users). Sure, you can feed them to the wolves, but it will come back and bite you somehow.

--
I will bend like a reed in the wind.
Re:Who the F*** has javascript turned on their mai by interkin3tic · 2010-07-20 05:09 · Score: 5, Insightful

I'd say that people that stupid deserve whatever they get, except that they are likely to do damage to other systems than their own.
As always, this sentiment annoys me.
Ignorance may be annoying, but it doesn't mean someone "deserves" any misfortune. No one is born knowing "I should not enable javascript in my e-mail." If this slipped through google, who I expect to be better than the average user, who the hell are you to say the average user should have known better and deserves it?
I'm still waiting for... by pongo000 · 2010-07-20 06:03 · Score: 2, Insightful

...an effective attack vector against mutt.
plain text by SgtChaireBourne · 2010-07-20 06:08 · Score: 3, Insightful

plain text : it was good enough for Shakespeare

--
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
Re:Don't want to post OT but... by kdemetter · 2010-07-20 06:10 · Score: 3, Insightful

Going outside doesn't really help : plenty of ads there , and adblock doesn't work on them .

--
Slipping shoelaces ?