Google Goes On Offensive vs. JavaScript Attacks
alphadogg writes "Google's e-mail security team has updated its Postini engine to stop a new type of JavaScript attack that helped fuel a rise in spam volume in recent months.
Google says it has seen a surge in obfuscated JavaScript attacks, describing them as a hybrid between virus and spam messages. The e-mails are designed to look like legitimate messages, specifically Non Delivery Report messages, but contain hidden JavaScript.
'In some cases, the message may have forwarded the user's browser to a pharma site or tried to download something unexpected,' Google said in its official blog."
User should just have an option to execute or not JS in the email text. Problem solved.
I do not believe in karma. "Funny"=-6. Do good and forbid evil. Yours, Oft-Offtopic Flamebaiting Troll.
I'd say that people that stupid deserve whatever they get, except that they are likely to do damage to other systems than their own.
As always, this sentiment annoys me.
Ignorance may be annoying, but it doesn't mean someone "deserves" any misfortune. No one is born knowing "I should not enable javascript in my e-mail." If this slipped through google, who I expect to be better than the average user, who the hell are you to say the average user should have known better and deserves it?