Detecting, Analyzing, and Exploiting Intranet Applications using JavaScript

Hi malware fighters,

Again a reason to have NoScript installed in FF or Flock as a default.
For an innocent proof of concept you may go here:
http://www.spidynamics.com/spilabs/js-port-scan/
(Only scan if the Intranet machines belong to you, or you have full authority to do so, but that goes without saying).

Convinced now? Beyond the password you are already lost. Well, with a specially crafted service attack, if they got the first letter of your entry, you’re lost with or without a password (PnP service unpatched, for instance), and your machine has been turned into a spamming machine for cybercriminals without your knowledge.

If JS is not getting any safer, I opt out by default, and only allow the sources/sites I can trust. Or another reason to use DropMyRights and the Distrust add-on.

polonus