- From: David Woolley <david@djwhome.demon.co.uk>
- Date: Sat, 12 Jun 2004 09:30:26 +0100 (BST)
- To: w3c-wai-ig@w3.org
For those who believe that web sites should be allowed to rely on scripting, CERT, one of the most respected internet security organisations, is currently advising that scripting (and ActiveX) be disabled for the internet security zone (i.e. any zone that is not fully trusted). This is because of a vulnerability that is being actively exploited, and which allows arbitrary code to be run on a machine accessing a rogue web site. Remember that access can be the result of typos in URLs and following misleading hits from search engines, even if you wouldn't deliberately visit dodgy sites (there are also more technical ways of misdirecting users). <http://www.us-cert.gov/cas/techalerts/TA04-163A.html>
Received on Saturday, 12 June 2004 04:30:58 UTC