Search found 43 matches
- Wed Nov 06, 2013 8:11 pm
- Forum: NoScript General
- Topic: ScriptNo; NoScript Clone?
- Replies: 46
- Views: 127489
Re: ScriptNo; NoScript Clone?
ScriptDefender is another one that definitely seems to have *improved* over past attempts, but I still doubt the efficacy at this point. Anyone here had a look at it? Obviously it still lacks critical features of NoScript like XSS filtering, but I'd be curious to see if it falls flat on script block...
- Wed Sep 18, 2013 4:28 am
- Forum: NoScript Development
- Topic: Noscript for Google Chrome?
- Replies: 154
- Views: 561325
Re: Noscript for Google Chrome?
Has there been any progress on the APIs or are they still WontFix?
- Thu Oct 04, 2012 8:42 pm
- Forum: Security
- Topic: Review of the Top Picks in 2012 0-Day Benchmarks
- Replies: 17
- Views: 11752
Re: Review of the Top Picks in 2012 0-Day Benchmarks
I was gifted multiple Emsisoft keys (through various forums, I get keys gifted to me from people). I personally found it to be top notch but (I'm a Linux user and have no use for Antivirus on my Windows partition as it's purely for games and only rarely connects to the internet for online games) I p...
- Tue Jul 03, 2012 11:10 pm
- Forum: NoScript Development
- Topic: Noscript for Google Chrome?
- Replies: 154
- Views: 561325
Re: Noscript for Google Chrome?
It's a separate API from the WebRequest API, which is why I ask. One of the issues with porting NoScript would be that you need Synchronous events. Chrome's extension system largely on supports asynchronous events for performance reasons. The WebRequest API introduced in Chrome 17 is asynchronous, m...
- Sat Jun 30, 2012 11:38 pm
- Forum: NoScript Development
- Topic: Noscript for Google Chrome?
- Replies: 154
- Views: 561325
Re: Noscript for Google Chrome?
I think one of the current issues is the asynchronous WebRequest API being the only current option. With the declarative WebRequestAPI there's a synchronous option.
Just an FYI as this API is new.
https://code.google.com/chrome/extensio ... quest.html
Just an FYI as this API is new.
https://code.google.com/chrome/extensio ... quest.html
- Fri Jun 08, 2012 10:53 pm
- Forum: Security
- Topic: Flash Player sandboxing is coming to Firefox
- Replies: 11
- Views: 21435
Re: Flash Player sandboxing is coming to Firefox
FYI the new 11.3 sandbox is out.
- Tue Jun 05, 2012 4:52 pm
- Forum: NoScript Development
- Topic: Noscript for Google Chrome?
- Replies: 154
- Views: 561325
Re: Noscript for Google Chrome?
Gotcha, thanks.
- Tue Jun 05, 2012 3:51 pm
- Forum: NoScript Development
- Topic: Noscript for Google Chrome?
- Replies: 154
- Views: 561325
Re: Noscript for Google Chrome?
Right, the idea is to prevent MITM attacks where you 'fake' the SSL. That's what SSL Strip does. HSTS doesn't allow the HTTP at all so the connection would either fail or use HTTPS. But I thought this had to be both implemented by the server and the browser - so I'm unclear as to what NoScript does ...
- Tue Jun 05, 2012 11:27 am
- Forum: NoScript Development
- Topic: Noscript for Google Chrome?
- Replies: 154
- Views: 561325
Re: Noscript for Google Chrome?
MITM, courtesy of HSTS and other HTTPS-enhancing features Now that is interesting. Is there more information on HSTS enforcement - it needs server side cooperation I assume? I learned about HSTS when checking out sslstrip so if there's some way to enforce it that would be very cool. I'll edit in AB...
- Tue Jun 05, 2012 2:21 am
- Forum: NoScript Development
- Topic: Noscript for Google Chrome?
- Replies: 154
- Views: 561325
Re: Noscript for Google Chrome?
google profits from ads. this probably won't be the top priority in their mind. They profit (as almost all ad companies do) form clicks, not views of ads. Therefor the functionality to block their profits has existed from day 1. Last I check NoScript was rumored for Chrome sometime in the summer? O...
- Sat May 19, 2012 1:01 am
- Forum: Web Tech
- Topic: Various safety measures, OS comparisons, multi-boot, Flash b
- Replies: 49
- Views: 31129
Re: Flash Player sandboxing is coming to Firefox
I agree.I think we've covered this topic pretty thoroughly. Interesting discussion.
- Fri May 18, 2012 9:48 am
- Forum: Web Tech
- Topic: Various safety measures, OS comparisons, multi-boot, Flash b
- Replies: 49
- Views: 31129
Re: Flash Player sandboxing is coming to Firefox
Really, we don't disagree on much, except that XP is presently not the Swiss cheese that it was when introduced, nor the Swiss cheese that you seem to be saying it is. I suppose so. I'm not suggesting you buy a new computer or move to Linux. Just saying that it makes sense that Adobe isn't creating...
- Thu May 17, 2012 4:01 pm
- Forum: Web Tech
- Topic: Various safety measures, OS comparisons, multi-boot, Flash b
- Replies: 49
- Views: 31129
Re: Flash Player sandboxing is coming to Firefox
Weird. That's the second time that's happening.
Either way.... that explanation pretty much covers my view.
Either way.... that explanation pretty much covers my view.
- Thu May 17, 2012 3:27 pm
- Forum: Web Tech
- Topic: Various safety measures, OS comparisons, multi-boot, Flash b
- Replies: 49
- Views: 31129
Re: Flash Player sandboxing is coming to Firefox
This'll be simplified. DEP aims to separate code from data (in terms of segregating rights by preventing areas of address space that can be written to from also being executable) in order to prevent an attacker from simply sending you data and executing it as code (kinda like if I posted Javascript ...
- Thu May 17, 2012 8:06 am
- Forum: Web Tech
- Topic: Various safety measures, OS comparisons, multi-boot, Flash b
- Replies: 49
- Views: 31129
Re: Flash Player sandboxing is coming to Firefox
Yes, sorry, I meant ASLR and SEHOP/ SafeSEH. https://blogs.technet.com/b/srd/archive ... ected=true Since this publication, the SEH overwrite technique has become a standard weapon in an attacker’s arsenal. Roughly 20% of the exploits included in the latest version of the Metasploit framework make u...