Search found 43 matches

by Hungry Man
Wed Nov 06, 2013 8:11 pm
Forum: NoScript General
Topic: ScriptNo; NoScript Clone?
Replies: 46
Views: 108246

Re: ScriptNo; NoScript Clone?

ScriptDefender is another one that definitely seems to have *improved* over past attempts, but I still doubt the efficacy at this point. Anyone here had a look at it? Obviously it still lacks critical features of NoScript like XSS filtering, but I'd be curious to see if it falls flat on script block...
by Hungry Man
Wed Sep 18, 2013 4:28 am
Forum: NoScript Development
Topic: Noscript for Google Chrome?
Replies: 154
Views: 472713

Re: Noscript for Google Chrome?

Has there been any progress on the APIs or are they still WontFix?
by Hungry Man
Thu Oct 04, 2012 8:42 pm
Forum: Security
Topic: Review of the Top Picks in 2012 0-Day Benchmarks
Replies: 17
Views: 7858

Re: Review of the Top Picks in 2012 0-Day Benchmarks

I was gifted multiple Emsisoft keys (through various forums, I get keys gifted to me from people). I personally found it to be top notch but (I'm a Linux user and have no use for Antivirus on my Windows partition as it's purely for games and only rarely connects to the internet for online games) I p...
by Hungry Man
Tue Jul 03, 2012 11:10 pm
Forum: NoScript Development
Topic: Noscript for Google Chrome?
Replies: 154
Views: 472713

Re: Noscript for Google Chrome?

It's a separate API from the WebRequest API, which is why I ask. One of the issues with porting NoScript would be that you need Synchronous events. Chrome's extension system largely on supports asynchronous events for performance reasons. The WebRequest API introduced in Chrome 17 is asynchronous, m...
by Hungry Man
Sat Jun 30, 2012 11:38 pm
Forum: NoScript Development
Topic: Noscript for Google Chrome?
Replies: 154
Views: 472713

Re: Noscript for Google Chrome?

I think one of the current issues is the asynchronous WebRequest API being the only current option. With the declarative WebRequestAPI there's a synchronous option.

Just an FYI as this API is new.

https://code.google.com/chrome/extensio ... quest.html
by Hungry Man
Fri Jun 08, 2012 10:53 pm
Forum: Security
Topic: Flash Player sandboxing is coming to Firefox
Replies: 11
Views: 16384

Re: Flash Player sandboxing is coming to Firefox

FYI the new 11.3 sandbox is out.
by Hungry Man
Tue Jun 05, 2012 4:52 pm
Forum: NoScript Development
Topic: Noscript for Google Chrome?
Replies: 154
Views: 472713

Re: Noscript for Google Chrome?

Gotcha, thanks.
by Hungry Man
Tue Jun 05, 2012 3:51 pm
Forum: NoScript Development
Topic: Noscript for Google Chrome?
Replies: 154
Views: 472713

Re: Noscript for Google Chrome?

Right, the idea is to prevent MITM attacks where you 'fake' the SSL. That's what SSL Strip does. HSTS doesn't allow the HTTP at all so the connection would either fail or use HTTPS. But I thought this had to be both implemented by the server and the browser - so I'm unclear as to what NoScript does ...
by Hungry Man
Tue Jun 05, 2012 11:27 am
Forum: NoScript Development
Topic: Noscript for Google Chrome?
Replies: 154
Views: 472713

Re: Noscript for Google Chrome?

MITM, courtesy of HSTS and other HTTPS-enhancing features Now that is interesting. Is there more information on HSTS enforcement - it needs server side cooperation I assume? I learned about HSTS when checking out sslstrip so if there's some way to enforce it that would be very cool. I'll edit in AB...
by Hungry Man
Tue Jun 05, 2012 2:21 am
Forum: NoScript Development
Topic: Noscript for Google Chrome?
Replies: 154
Views: 472713

Re: Noscript for Google Chrome?

google profits from ads. this probably won't be the top priority in their mind. They profit (as almost all ad companies do) form clicks, not views of ads. Therefor the functionality to block their profits has existed from day 1. Last I check NoScript was rumored for Chrome sometime in the summer? O...
by Hungry Man
Sat May 19, 2012 1:01 am
Forum: Web Tech
Topic: Various safety measures, OS comparisons, multi-boot, Flash b
Replies: 49
Views: 17768

Re: Flash Player sandboxing is coming to Firefox

I think we've covered this topic pretty thoroughly. Interesting discussion.

I agree.
by Hungry Man
Fri May 18, 2012 9:48 am
Forum: Web Tech
Topic: Various safety measures, OS comparisons, multi-boot, Flash b
Replies: 49
Views: 17768

Re: Flash Player sandboxing is coming to Firefox

Really, we don't disagree on much, except that XP is presently not the Swiss cheese that it was when introduced, nor the Swiss cheese that you seem to be saying it is. I suppose so. I'm not suggesting you buy a new computer or move to Linux. Just saying that it makes sense that Adobe isn't creating...
by Hungry Man
Thu May 17, 2012 4:01 pm
Forum: Web Tech
Topic: Various safety measures, OS comparisons, multi-boot, Flash b
Replies: 49
Views: 17768

Re: Flash Player sandboxing is coming to Firefox

Weird. That's the second time that's happening.

Either way.... that explanation pretty much covers my view.
by Hungry Man
Thu May 17, 2012 3:27 pm
Forum: Web Tech
Topic: Various safety measures, OS comparisons, multi-boot, Flash b
Replies: 49
Views: 17768

Re: Flash Player sandboxing is coming to Firefox

This'll be simplified. DEP aims to separate code from data (in terms of segregating rights by preventing areas of address space that can be written to from also being executable) in order to prevent an attacker from simply sending you data and executing it as code (kinda like if I posted Javascript ...
by Hungry Man
Thu May 17, 2012 8:06 am
Forum: Web Tech
Topic: Various safety measures, OS comparisons, multi-boot, Flash b
Replies: 49
Views: 17768

Re: Flash Player sandboxing is coming to Firefox

Yes, sorry, I meant ASLR and SEHOP/ SafeSEH. https://blogs.technet.com/b/srd/archive ... ected=true Since this publication, the SEH overwrite technique has become a standard weapon in an attacker’s arsenal. Roughly 20% of the exploits included in the latest version of the Metasploit framework make u...