[LINK] Study shows pop-up warnings are ineffective

[Craig Sanders]

On Tue, Sep 30, 2008 at 10:54:45AM +1000, Karl Auer wrote:
> There's a fundamental difference between JS software and browser
> software. The latter treats Web data as *data*; it displays it, that's
> all. JS is a snippet of code that is then *executed* by the browser
> locally.

or, to use my diseased syringe analogy:

looking at a picture of a syringe is just data, harmless. occasionally
distasteful or unpleasant, but harmless.

injecting it is "executing the code". extremely risky, to yourself
and possibly to anyone you come in contact with if the contents are
infectious and turn you into a ravenous flesh-eating zombie, infecting
everyone you bite.


of course, the syringe isn't always harmful. sometimes it's beneficial
and lets you see the world in prettier colours or something.

does anyone sane think that the risk would be worth taking?

craig

-- 
craig sanders <cas at taz.net.au>