LQ Safe from malicious Java Script uploads?
Once again there is news of the problems that can be caused by malicious java script. This is particularly of concern on sites that allow users to upload content. (And, in fact, maybe about a year ago, Yahoo had problems with this very thing.) Normally I leave Java Script disabled; LQ is one of the few sites I enable it for because it makes the editing of posts so much more sane. So I just want to double check that LQ does what is necessary to make sure that functional Java Script cannot be uploaded by users. Within this question (and something I don't know due to my lack of HTML knowledge) is whether, when somebody posts Java Script (within code tags or not), there is any way a browser might end up executing it.
For the record, prior to posting this, I searched this thread for Java Script, and ended up reading the entire thread from last year about the pop up issues. I could not find that this issue has been specifically addressed before. |
I doubt Jeremy would let malicious javascript uploads on this site.
|
We do everything we possibly can to prevent things like what you are describing. The issue in the thread you linked to was a client issue and unrelated to LQ.
--jeremy |
The problem which is described in the second link of the OP about the pop up issue, happened twice on my machine since yesterday.
It is as described in the link. My machine runs Arch Linux, not Windows. And it happens only when I visit the LQ site. It's very annoying because the LQ page disappears and is not available again until Firefox is restarted. Before that, nothing can be done with the browser because it is hijacked by the spurious site (even the window size where the browser stands is changed). I cannot but think that it is related to something at the LQ site. Can somebody search for a possible cause please? It's the first time since I run Linux on my machine that something like that happens; it reminds me of the Windows vulnerabilities when surfing the Web. |
Which page? In all of the time that I have been visiting LQ I have never seen this. Can you get the URL for the ad?
|
I have been hit by the very same malware yesterday night.
Brand new O/S installation (Solaris Express build 66 + Firefox 2.0.0.3). The only sites visited before LQ were the Firefox Google welcome page then a google search. While browsing LQ, I was redirected to that URL (found in Firefox history): http:// fr.errorsafe.com /pages/scanner/index.php?ax=1&ex=1&ed=2&aid=which95k_rdt&lid=intl&affid=&mpt=[CACHEBUSTER] |
Me too. It happened three times in the last two days and only when I was browsing the LQ site. Next time I will log and post all the relevant information, if this can help to go deep inside the question.
|
I wonder if an ad has either been compromised (they all come from third party providers) or if an ad has been coded to do this. Just an idea.
I can say, with all confidence, that this is nothing of Jeremy's doing and if my ideas are correct, he will kill the ads. |
Yes, I agree. I never thought it could be caused from Jeremy's doing. I wonder how can it happen, but unfortunately I am not an expert in these issues.
|
I've not seen this happen, but any additional information that will help me track down if it's LQ ad server related would be appreciated. We will work to kill the ad ASAP if it did sneak in somehow.
--jeremy |
It happened again to-night just before this post.
I enter LQ directly at the forum page and I didn't click anything before the problem occurred. The site responsible for the hijacking is saved in the Firefox history as h..p://www.drivecleaner.com/.freeware/?p=56&ax=1&ex=1&ed=2&aid=which95k&lid=intl&affid=&aid=which95k&mpt=[CACHEBUSTER]&aid=which95k_rdt ('h..p' is for 'http' for preventing the url tags). I cannot identify which ad may cause that because the browser is pushed out of the LQ site before I could see anything. I think it may be caused by one of the ads, as it doesn't happen every time. Edit: I'm now sure that this is from a javascript execution, because I had allowed scripts to move or resize existing windows in the Firefox preferences options. And that is what happened. |
Similar behaviour just happened to me again. I have just started to navigate the LQ site and the pop-up has shown again (always the same for me but different from those reported above). In detail: the browser resizes to a little square window (about 1 inch) and a pop-up appears with the following message
Quote:
Again I can take any action (this time I tried to reconnect to LQ from my bookmarks) and a new pop-up appears: Quote:
|
Is this happening only on specific pages? I'm completely unable to replicate this or find any indication that it's coming from LQ at this time. We only use two ad providers and both of them have been extremely reliable in the past. Only one (Google) allows for arbitrary ad placement, but they do not allow javascript at all. The one commonality I see here is the "which95k" string. Any additional information will help.
--jeremy |
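As an added illustration (not part of the thread and not LQ's own tooling), the commonality check described in the post above can be done mechanically: the sketch below parses the two redirect URLs reported in this thread and intersects their query parameters. The function names and the `min_hits` threshold are assumptions made for this example.

```python
from urllib.parse import urlsplit, parse_qsl

# Redirect URLs exactly as posted in the two reports in this thread (defanged by the posters).
REPORTED = [
    "http:// fr.errorsafe.com /pages/scanner/index.php?ax=1&ex=1&ed=2"
    "&aid=which95k_rdt&lid=intl&affid=&mpt=[CACHEBUSTER]",
    "h..p://www.drivecleaner.com/.freeware/?p=56&ax=1&ex=1&ed=2&aid=which95k"
    "&lid=intl&affid=&aid=which95k&mpt=[CACHEBUSTER]&aid=which95k_rdt",
]

def normalize(raw):
    """Undo the posters' defanging (inserted spaces, 'h..p') so the URL parses."""
    url = raw.replace(" ", "")
    if url.startswith("h..p"):
        url = "http" + url[4:]
    return url

def param_pairs(raw):
    """Return (host, set of (key, value)); repeated keys such as 'aid' keep every value."""
    parts = urlsplit(normalize(raw))
    return parts.hostname, set(parse_qsl(parts.query, keep_blank_values=True))

def shared_fingerprint(urls):
    """Key/value pairs present in every URL: what ties different landing hosts together."""
    hosts, common = [], None
    for raw in urls:
        host, pairs = param_pairs(raw)
        hosts.append(host)
        common = pairs if common is None else common & pairs
    return hosts, sorted(common or [])

def matches(raw, fingerprint, min_hits=3):
    """Flag a URL from history or proxy logs that carries most of the fingerprint.
    min_hits is an assumed threshold; weak pairs like ax=1 alone should not match."""
    _, pairs = param_pairs(raw)
    return len(pairs & set(fingerprint)) >= min_hits

if __name__ == "__main__":
    hosts, fp = shared_fingerprint(REPORTED)
    print("hosts:", hosts)
    # Besides the affiliate id, the tracking parameters are identical on both hosts,
    # and mpt still holds the literal [CACHEBUSTER] placeholder that ad tags
    # normally replace with a random number.
    for key, value in fp:
        print(f"  {key}={value!r}")
```

The shared pairs, rather than the host names, are what to look for in browser history or proxy logs, since each report landed on a different domain.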
An update: The culprit here has potentially been tracked down. It was not directly related to LQ itself, but rather an aberrant ad. We'll be working with our ad provider to ensure this doesn't happen again. Thanks for the patience. Your security and privacy are extremely important to us and I'm happy to say that neither were impacted in this case. We do apologize for the annoyance.
--jeremy |