w.learning wrote:. Maybe a better question would be does noscript protect from a live human being hacking as well as it does from malware using scripts?
It's an axiom of computer security that if anyone can gain physical access to the machine, you can be toast.
For example, they could install a keylogger, perhaps a hardware one rather than a software one. (The FBI does this with suspected criminals. Whether they have a a warrant is a different issue...) NoScript cannot protect you from that, or from any machine that has already been compromised in any of a number of ways. Nothing else can, either. So the main thing is never to let the laptop out of your sight, or lock it up very securely, using a physically-locked case, etc.
If a hacker in the school's IT room or whatever can insert malicious code into the coding of the school's site itself (as opposed to doing so from a third-party web site), then in essence you are connecting to a malicious web site. NoScript can stop some attacks, but if you have to allow the school's scripting to use the site, then the evildoer has the same privileges in your browser as the school does. School's out.
Sounds like a very careless IT department, to put so much personal info on the web site without adequate protection. Any chance they'll listen to complaints? dhouwn
's suggestion to use the Force HTTPS feature is a good one, but only if the site accepts and supports HTTPS connections. Not all do.
A more complex solution would be a VPN (Virtual Private Network) from your school laptop to your home desktop, which eliminates the concern of eavesdropping on the wireless signal. Most such solutions use non-public address spaces (E. g., LogMeIn Hamachi uses 5.x.x.x, which is not recognized on the public Internet) and very strong encryption. In essence, you're sitting at your home computer, though working it (securely) from your school computer.
Or try a different school.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:188.8.131.52) Gecko/20111103 Firefox/3.6.24