What i learned with the painful development with javascript, is that standards are good, using the DOM model instead browser specific extensions is a good thing, better compatibility, the API is more stable, for this reason i think that the right thing to do is embrace the Document Object Model (DOM) Level 3 Load and Save Specification standard for asynchronous communication instead XMLHttpRequest.
several postings with the exploit were made public, two days after read this the automatic update of windows pop-ups, and a week after this, the issue hits the homepage of slashdot. the hackers have already won the arms race. i.e. gif.
Updating frequently broken software is nowhere near of true security.
Slashdot Mirror
What i learned with the painful development with javascript, is that standards are good, using the DOM model instead browser specific extensions is a good thing, better compatibility, the API is more stable, for this reason i think that the right thing to do is embrace the Document Object Model (DOM) Level 3 Load and Save Specification standard for asynchronous communication instead XMLHttpRequest.
errr, you forgot patch the system
several postings with the exploit were made public, two days after read this the automatic update of windows pop-ups, and a week after this, the issue hits the homepage of slashdot. the hackers have already won the arms race. i.e. gif.
Updating frequently broken software is nowhere near of true security.