I guess that's a part I don't understand. I can see how running some program on your own computer (whether it's Office or a game or Java) can create a threat to your computer. But how does running a program on a server cause a threat to you when browsing the web?

Initially, it doesn't cause a threat. Let's say the server is running what's called a LAMP stack (short for Linux-Apache-MySQL-PHP), and the admins haven't been very diligent with security patches. On day zero, everything is all fine and dandy, the world is pure and clean, and everything is great. Then on day one, Bad People come and exploit a month-old vulnerability in PHP, where it passes invalid arguments to MySQL that cause a buffer overflow and remote code execution bug in Apache, the end result of which is gaining root (superuser) rights to the Linux host. When you're "root" you can do *anything* and the machine will follow you right off the volcano's edge and into the bubbling pool of magma below if you so order it.

So these Bad People decide that rather than just throw a bunch of graffiti on the websites (which, while great for grabbing attention, is counter-productive to their goal of creating a botnet BECAUSE it gets attention), they write a tiny little snippet of JavaScript which embeds itself into the body of every HTML file served, and does nothing more than say "Powered by LAMP." Because JS is such an integral part of the web these days, and since every browser has support for it built-in, even the site admins don't think anything is amiss... it's just there, silently advertising to the Bad People that whatever backdoor they installed is still there. Now a month or two goes by, and the bad guys move to phase two: taking advantage of their mark's laziness and complacency to begin installing viruses/trojans/whatnot on their visitors' machines. What had been a server-side vulnerability just became the end-user's nightmare.

SJK: Yes, incompatibilities existed, and I'm sure you're very proud of being an old graybeard, but I'm not going to get into a forest-for-the-trees argument with you. Nor am I going to get into arguments about interpreters versus virtual machines versus sandboxes versus your need to swoop in here and puff yourself up. Go troll RMS, he likes that sort of thing.
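
From the site admin's side, the scenario in the post above (one small script appearing in every HTML page served) can be checked for mechanically. The following is an added example, not part of the original post: it hashes the inline scripts in a set of response bodies and reports any that show up site-wide without being on an approved list. The page bodies, the `initMenu();` baseline script and the function names are constructed for illustration.

```python
import hashlib
from collections import defaultdict
from html.parser import HTMLParser


class InlineScripts(HTMLParser):
    """Collect the text of every inline <script> block (those without src)."""

    def __init__(self):
        super().__init__()
        self.scripts, self._buf = [], None

    def handle_starttag(self, tag, attrs):
        if tag == "script" and "src" not in dict(attrs):
            self._buf = []

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.scripts.append("".join(self._buf).strip())
            self._buf = None


def script_hashes(html):
    """Map sha256(script text) -> script text for one response body."""
    parser = InlineScripts()
    parser.feed(html)
    parser.close()
    return {hashlib.sha256(s.encode()).hexdigest(): s for s in parser.scripts if s}


def unapproved_sitewide(pages, approved, threshold=1.0):
    """Return {script: [pages]} for scripts not in `approved` that appear on
    at least `threshold` (a fraction) of the pages."""
    seen, text = defaultdict(list), {}
    for name, html in pages.items():
        for digest, body in script_hashes(html).items():
            seen[digest].append(name)
            text[digest] = body
    return {text[d]: sorted(p) for d, p in seen.items()
            if d not in approved and len(p) >= threshold * len(pages)}


# Constructed sample: response bodies as served, each carrying the same extra script.
INJECTED = 'document.write("Powered by LAMP");'
def page(extra):
    return f"<body><script>initMenu();</script>{extra}<script>{INJECTED}</script></body>"
PAGES = {"/index.html": page("<p>Home</p>"),
         "/about.html": page("<script>showMap();</script>"),
         "/contact.html": page('<script src="/js/form.js"></script>')}
APPROVED = {hashlib.sha256(b"initMenu();").hexdigest()}
```

Run it against bodies fetched over HTTP rather than files read from disk, since the post describes the snippet being added to pages as they are served.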