Search found 129 matches

by tlu
Sat Nov 09, 2013 4:10 pm
Forum: NoScript General
Topic: ScriptNo; NoScript Clone?
Replies: 46
Views: 126987

Re: ScriptNo; NoScript Clone?

BTW, the previous extension (HTTP Switchboard) has another fatal flaw, the choices are not persistent between sessions (meaning restarting the browser) - that's a mega giant failure and limitation. That's a mistake I also made at the beginning. If you want to make your choices permament you have to...
by tlu
Wed Sep 05, 2012 11:44 am
Forum: NoScript Development
Topic: allowing pdf.js only
Replies: 7
Views: 6482

Re: allowing pdf.js only

Not that I am aware of. I just tried before posting this with a random PDF (http://samplepdf.com/sample.pdf) and without even allowing the domain and just the script and blob allowed, it showed up, didn't even have to allow samplepdf.com Okay, thanks. I just noticed that it works with FF 17 as ment...
by tlu
Fri Aug 31, 2012 3:34 pm
Forum: NoScript Support
Topic: Java 0-day exploit question
Replies: 18
Views: 9461

Re: Java 0-day exploit question

@ tlu : I've got no idea of why your mime-type@site.com rules appear to work. They shouldn't. Okay, I repeated my tests and found the following: 1. On http://java.com/en/download/installed.jsp?detect=jre the rule seems to work: The code that tried to detect my java version didn't come to an end. (H...
by tlu
Thu Aug 30, 2012 1:27 pm
Forum: NoScript Support
Topic: Java 0-day exploit question
Replies: 18
Views: 9461

Re: Java 0-day exploit question

Giorgio,

btw - I am not the only one for which this rules work. Look what Tom once wrote here.
by tlu
Thu Aug 30, 2012 1:22 pm
Forum: NoScript Support
Topic: Java 0-day exploit question
Replies: 18
Views: 9461

Re: Java 0-day exploit question

Site java-vm@*.* Deny Sorry, there's a misunderstanding here. Syntax like "java-vm@*" or, more in general, "some-mime-type@some-url" cannot work in ABE (even though is used in NoScript's Blocked Objects menu) because at the time ABE runs (before hitting the network) the mime typ...
by tlu
Thu Aug 30, 2012 11:24 am
Forum: NoScript Development
Topic: allowing pdf.js only
Replies: 7
Views: 6482

Re: allowing pdf.js only

I found that allowing pdf.js that appears on the NS menu, or more specifically the resource://pdf.js as well as blob: was sufficient to get the thing to work. Hm, I tried that but didn't succeed with NS 2.5.3rc4 and FF 16 :( Is there anything else to consider or has something changed in the meantim...
by tlu
Thu Aug 30, 2012 10:45 am
Forum: NoScript Support
Topic: Java 0-day exploit question
Replies: 18
Views: 9461

Re: Java 0-day exploit question

= [checked] Apply these restrictions to whitelisted sites too. This is checked. Does this matter? No, that shouldn't matter in this case. I clicked "OK" and went to this "test page" at chessgames.com Paul Morphy vs Duke Karl / Count Isouard (1858) "A Night at the Opera"...
by tlu
Wed Aug 29, 2012 4:12 pm
Forum: NoScript Support
Topic: Java 0-day exploit question
Replies: 18
Views: 9461

Re: Java 0-day exploit question

Another method: uncheck "Forbid Java" in Noscript Options -> Embeddings tab and add the following rule in Options -> Advanced -> ABE -> User: Site java-vm@*.* Deny This blocks java on any site. If you want to define an exception for sites like, e.g., abc.org or xyz.com, this rule should lo...
by tlu
Sat Aug 25, 2012 10:02 am
Forum: NoScript Development
Topic: JavaScript-only whitelist?
Replies: 1
Views: 1401

Re: JavaScript-only whitelist?

Thrawn, I'm obviously not Giorgio :lol: and can't tell how difficult it would be to implement this feature. But considering that FF now offers click-to-play for plugins (which works very well with Noscript), I don't think that such an enhancement is worth the effort if we assume that NS 3 is (hopefu...
by tlu
Fri Aug 24, 2012 11:13 am
Forum: ABE
Topic: combination of Sandox and Anonymize actions?
Replies: 24
Views: 16873

Re: combination of Sandox and Anonymize actions?

GµårÐïåñ wrote: Just keep an eye out for it.
I certainly will :) Thanks for your reply!
by tlu
Thu Aug 23, 2012 12:50 pm
Forum: ABE
Topic: combination of Sandox and Anonymize actions?
Replies: 24
Views: 16873

Re: combination of Sandox and Anonymize actions?

Thrawn wrote:Is Anonymize+Sandbox on the radar to be implemented? I'd love to support it in SABER.
Thrawn, just out of curiosity: Have you made any progress with SABER? Is there an alpha/beta version to test? What you were planning to implement sounds very interesting, indeed!
by tlu
Sun Aug 05, 2012 11:14 am
Forum: NoScript General
Topic: What's the advantage of NoScript over Click to play
Replies: 1
Views: 2980

Re: What's the advantage of NoScript over Click to play

Your first sentence is incorrect: the click-to-play feature ONLY applies to plugins and NOT to javascript. CTP is not a replacement for Noscript at all as NS offers a lot more as explained on its features site and the FAQ , like an excellent protection against XSS and Clickjacking (among many other ...
by tlu
Mon Jul 16, 2012 11:14 am
Forum: NoScript General
Topic: collusion
Replies: 14
Views: 10410

Re: collusion

Yeah in my view Fx is dead browser walking and I foresee that it will go the way of other browsers that got hyped and then died off. Addons like NS and RP are the only reason I stick with it and even then its only about 30% of the time, I use my own builds of Chromium original source so I don't hav...
by tlu
Sun Jun 24, 2012 9:58 am
Forum: NoScript Support
Topic: Problem with Noscript and Lastpass
Replies: 4
Views: 3355

Re: Problem with Noscript and Lastpass

No problem here with NS 2.4.7rc3, Lastpass 2.0 and FF 14. I've added lastpass.com to "Force the following sites to use secure (HTTPS) connections".

Perhaps a problem related to FF 15?
by tlu
Sun Jun 03, 2012 4:25 pm
Forum: Web Tech
Topic: Various safety measures, OS comparisons, multi-boot, Flash b
Replies: 49
Views: 30682

Re: Flash Player sandboxing is coming to Firefox

I understand your point about adding additional layers of defense, bypassable or otherwise. The flip side of that is that larger footprint = larger attack surface. Tom, that's not necessarily true. It's true, e.g., if you're using more and more addons in your browser. It's not true, e.g., for a com...