剛剛才發佈的新聞... From ZDnet :http://blogs.zdnet.com/security/?p=1972&tag=nl.e589 重點句在這邊: In a nutshell, it’s when you visit a malicious website and the attacker is able to take control of the links that your browser visits. The problem affects all of the different browsers except something like lynx. The issue has nothing to do with JavaScript so turning JavaScript off in your browser will not help you. It’s a fundamental flaw with the way your browser works and cannot be fixed with a simple patch. With this exploit, once you’re on the malicious web page, the bad guy can make you click on any link, any button, or anything on the page without you even seeing it happening 簡單就是說...這種惡意網站就算你關掉javascript的支援也沒輒 因為他是利用瀏覽器本身的缺點來攻擊的 你到這惡意網站後會完全被控制, 包括點選任何連結或按鈕或任何東西 現在只有確定Lynx 不會遭受這種攻擊 所以...改用Lynx來看最安全XD 微軟跟Mozzila都承認這是個暫時無法解決的難題 目前解決辦法就是:關掉瀏覽器所有scripting 和 pluggins -- 我想 大家先到有保障的網站逛就沒事了XD -- ※ 發信站: 批踢踢實業坊(ptt.cc) ◆ From: 67.194.2.233