<div dir="ltr">Drew - what it's not executable code, but instead disreputable information?<div><br><div>Imagine a scenario where you want to do some online banking, you navigate to <a href="http://mybank.com">mybank.com</a> - however, I've intercepted your DNS request and have directed you to my own malicious server which is posing as <a href="http://mybank.com">mybank.com</a>, however, my SSL cert is bad. You don't run any of the code that I served up, but you provide your username and password and submit. I harvest these and redirect you to the real <a href="http://mybank.com">mybank.com</a> site and you just figure that you've mistyped your password the first time.</div><div><br></div></div><div>What if I redirected you to a non SSL site which had drive-by malware on it?</div><div><br></div><div>I could also see a scenario where you visit your favorite news source, and they're displaying alarmingly wrong information which causes you to alter your behavior. Some examples could include things like Taco Town is giving people diarrhea, a political candidate is involved in a scandal right before an election, some company's stock is about to tank, or we're being invaded by North Korea.</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Dec 3, 2017 at 7:24 PM, Drew <span dir="ltr"><<a href="mailto:drew4096@gmail.com" target="_blank">drew4096@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">If I tell a browset to display a URL I want it to obey ME, period.<br>
It's okay to warn about certificates and such but damnit I want the<br>
data retrieved! As for security risks, just don't RUN any of it!<br>
Anything that can't simply be displayed should be stashed somewhere.<br>
<div class="HOEnZb"><div class="h5">______________________________<wbr>________________________<br>
washlug mailing list washlug web site<br>
<a href="mailto:washlug@washlug.org">washlug@washlug.org</a> <a href="http://www.washlug.org" rel="noreferrer" target="_blank">www.washlug.org</a><br>
<a href="http://linux.marcdatabase.com/mailman/listinfo/washlug" rel="noreferrer" target="_blank">http://linux.marcdatabase.com/<wbr>mailman/listinfo/washlug</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr">Willie Northway</div></div></div></div>
</div>