
I'm sure my opinion will change as soon as one of my accounts is compromised. Since it hasn't happened yet, it's basically off my radar.

Humans are quite irrational sometimes...




You might be right. I was personally hit by a Twitter XSS once. The only reason I enabled JavaScript on twitter.com was because you can't (or at least couldn't) post new items without enabling it first.

I don't use the twitter.com website any more, preferring to use clients that don't run JavaScript. Whenever I can use something other than a web browser to access a service, I will take that path. I use NoScript when that isn't an option.

I also found (and reported responsibly) an XSRF flaw in Linode.com a few months back that I believe has now been fixed. That was quite a dangerous one. I also found an XSS flaw in DuckDuckGo a few weeks back. Maybe this is the reason I'm so "paranoid" about JavaScript. Maybe I'm right to be.



