On Thu, Apr 16, 2009 at 11:14 PM, Michael A. Peters <mpeters at mac.com> wrote: > Lanny Marcus wrote: <snip> > My experience is that when browsing on any OS and you come across an > error message stating that your computer is infected and you need to > install such and such software, the web site I was visiting has an XSS > exploit that was taken advantage of to try and get you to manually > install a piece of malware. > > Install the FireFox extension "noscript" and be very careful about what > domains you authorize scripting from. > > The fact that an XSS attack was able to give you a phony message means > the same site could have XSS that reads your cookie and steals your > session ID. > > Noscript reduces the odds of such attacks being succesful. Michael: Thank you for the above explanation. I am going to copy it and email it to the webmaster of that web site. Once, about 4-6 months ago, there was a warning from Google (?), about it being an Attack site, and he eliminated whatever was causing that. This time, no warnings, but certainly something out there. I will get the "noscript" extension for Firefox. Lanny