New JavaScript-Based Timing Attack Steals All Browser Source Data 167
Trailrunner7 writes "Security researchers have been warning about the weaknesses and issues with JavaScript and iframes for years now, but the problem goes far deeper than even many of them thought. A researcher in the U.K. has developed a new technique that uses a combination of JavaScript-based timing attacks and other tactics to read any information he wants from a targeted user's browser and sites the victim is logged into. The attack works on all of the major browsers and researchers say there's no simple fix to prevent it."
No JavaScript == No Web. (Score:2, Insightful)
You could try enabling it on your bank's website.
Which I did.
The trouble is, very few websites work without it.
In other words, I was whitelisting every website that I visited.
Javascript is used so much, I never came across a website that would function without it.
No JavaScript == No Web.
Re:Yes, there is a simple fix (Score:3, Insightful)
If enough users disable javascript, sites will be forced to provide a content generating back-end alternative. Js is becoming the new Flash. Opening wide up for vulnerabilities, and draining your laptops battery.