I can but will not demonstrate how to build a JAWS script that will mail you all of the passwords, logins and email addresses used on a particular machine using JAWS 3.xx so the hole has been there all the time. GW has done the right thing by making itself language agnostic so a non-hacker blink can now ask a friend who knows virtually any programming language to bang out a quick script or two to handle some tricky situations with no greater security gaps than one can create on 90% of computers used by people with vision impairment today. A few months ago I wrote a blog article on this very matter - specifically that all screen readers, scriptable or otherwise, produce a security gap that none of the vendors have figured out how to close. I can think of a few techniques one might use in a screen reader to increase security but not all of the way to anything remotely solid. cdh From: programmingblind-bounce@xxxxxxxxxxxxx [mailto:programmingblind-bounce@xxxxxxxxxxxxx] On Behalf Of John Greer Sent: Monday, February 04, 2008 2:55 PM To: programmingblind@xxxxxxxxxxxxx Subject: Concern about the latest Window Eyes scripting move Once I got over the initial shock and amazement at GWMicro's decision to make Window Eyes scriptable. Especially in such a powerful way as to let it be scriptable with many different scripting languages, I began to think. Would that not also open Window Eyes and Windows up to a whole new world of script based viruses? VBScript and Java Script are after all 2 of the languages that have that sort of power. It just concerns me a bit that in GWMicro's rush to become the top screen reader, that they may have actually open the flood gates a bit too wide. __________ NOD32 2849 (20080205) Information __________ This message was checked by NOD32 antivirus system. http://www.eset.com