W3C home > Mailing lists > Public > w3c-wai-ig@w3.org > April to June 2004

Important to disable scripting in IE again.

From: David Woolley <david@djwhome.demon.co.uk>
Date: Sat, 12 Jun 2004 09:30:26 +0100 (BST)
Message-Id: <200406120830.i5C8UQd06014@djwhome.demon.co.uk>
To: w3c-wai-ig@w3.org

For those who believe that web sites should be allowed to rely on scripting,
CERT, one of the most respected internet security organisations, is 
currently advising that scripting (and ActiveX) be disabled for the internet
security zone (i.e. any zone that is not fully trusted).  This is because
of a vulnerability that is being actively exploited, and which allows 
arbitrary code to be run on a machine accessing a rogue web site.  Remember
that access can be the result of typos in URLs and following misleading
hits from search engines, even if you wouldn't deliberately visit dodgy
sites (there are also more technical ways of misdirecting users).

<http://www.us-cert.gov/cas/techalerts/TA04-163A.html>
Received on Saturday, 12 June 2004 04:30:58 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 5 February 2014 07:13:33 UTC