[LINK] Study shows pop-up warnings are ineffective
Marghanita da Cruz
marghanita at ramin.com.au
Tue Sep 30 09:46:43 AEST 2008
Ivan Trundle wrote:
> On 30/09/2008, at 5:33 AM, Roger Clarke wrote:
>
>> But this is link; and there are people out there who aren't amateurs
>> like me. Can someone confirm or deny the reliability of 'Cancel'
>> buttons?
>
> No reliability at all. It's possible to script a function to do
> anything at all from a cancel button (if the user permits javascript
> et al to operate).
>
> Whilst the DOM may try to interpret button action and behaviour, there
> is nothing to prevent someone from creating any action from any button
> with any name. The html you described is quite possible.
>
> Even using the window close widget (OS-dependent) can evoke an
> undesirable action.
But isn't this covered the browser security functionality?
ie while you may be able to download a file - pdf or exe opening/execution
should be a different function.
> May 2, 2006 (IDG News Service) -- Mozilla Corp. has released an update to its Firefox browser, fixing a known security flaw in the open-source software.
>
> The bug, reported last week, involves the way Firefox handles JavaScript code. It could be exploited by attackers to crash an unpatched browser and, in theory, could also provide them with a way to trick the browser into running malicious code, Mozilla said in a security alert
<http://www.computerworld.com/securitytopics/security/holes/story/0,10801,111091,00.html?source=x584>
Marghanita
--
Marghanita da Cruz
http://www.ramin.com.au
Phone: (+61)0414 869202
More information about the Link
mailing list