Search found 18 matches

by mik33mik
Fri May 28, 2010 8:41 am
Forum: Security
Topic: HTTPS Everywhere Firefox addon
Replies: 8
Views: 10119

HTTPS Everywhere Firefox addon

From: Mike Perry

Peter Eckersley of the EFF and I wrote this addon this past week to make it easier to use Google's SSL search feature, among other mixed-mode SSL sites: The addon is based on the NoScript STS/HTTPS forcing engine, with improvements in how rules are specified. Rules for our addon...
by mik33mik
Fri Aug 07, 2009 5:23 pm
Forum: Security
Topic: Abusing Firefox Addons
Replies: 6
Views: 2742

Re: Abusing Firefox Addons

Hi Giorgio, have you read the presentation? NoScript has been mentioned in a negative way in this paper:
- NoScript/AdBlockPlus provides false sense of security
- chrome:// URI whitelisted on NoScript, any XSS injection there is not blocked

Any input rendered in chrome is a potential XSS injection poi...
by mik33mik
Thu Jul 30, 2009 4:05 pm
Forum: NoScript General
Topic: NoScript Sightings
Replies: 153
Views: 364832

Re: NoScript Sightings

Eduardo Vela Nava, David Lindsay @ Black Hat:
Our Favorite XSS Filters and How to Attack Them

Presentation (pdf)

They have shown how to bypass the NoScript XSS filter
by mik33mik
Thu Jun 18, 2009 12:06 pm
Forum: Security
Topic: Is this fishy script?
Replies: 4
Views: 2210

Re: Is this fishy script?

It's an obfuscated malicious script, in an invisible iframe, that redirects to a .cn site with a frame containing a porn site. This porn site has a JavaScript that redirects to a web server containing various exploits for Adobe PDF reader and Flash Player. If the exploit is successful, your machine w...
by mik33mik
Sun Jun 07, 2009 7:31 pm
Forum: NoScript General
Topic: What about this info?
Replies: 2
Views: 902

Re: What about this info?

Hi, this is very old. Giorgio has fixed this issue with NoScript version 1.8.1.9.

Changelog:
v 1.8.1.9
+ Opacized objects are forced to a minimum size of 50x50 pixels
+ Opacized iframes get automatic scrollbars when content overflows (thanks RSnake for discussion)
+ Enhanced legacy frames managemen...
by mik33mik
Sat Jun 06, 2009 2:39 pm
Forum: Security
Topic: Tor (split from NoScript Didn't Block Rogue Site)
Replies: 14
Views: 7707

Re: Tor (split from NoScript Didn't Block Rogue Site)

This is an interesting read: SteveTX (Steve Topletz) said that his deanonymizer can unmask TOR and many VPN services. He will release this tool in August, with a Wordpress plugin that uses an iframe to attack the user. It seems this tool can perform about 25 side-channel attacks. He claims that he...
by mik33mik
Fri May 29, 2009 10:40 am
Forum: NoScript Support
Topic: Firefox vulnerability keygen tag VS NoScript
Replies: 4
Views: 1798

Firefox vulnerability keygen tag VS NoScript

http://blog.zoller.lu/2009/04/advisory- ... rvice.html

When I click the done button in the PoC page, the attack is successful, even if NoScript blocks all the scripts in that page.
by mik33mik
Tue May 26, 2009 6:10 pm
Forum: Security
Topic: Abusing Firefox Addons
Replies: 6
Views: 2742

Abusing Firefox Addons

Defcon 17
Abusing Firefox Addons
Roberto Suggi Liverani, Senior Security Consultant, Security-Assessment.com
Nick Freeman, Security Consultant, Security-Assessment.com

Hundreds of Firefox addons are created every week. Millions of users download them. Some addons are even recommended by the Mozilla c...
by mik33mik
Wed May 13, 2009 2:48 pm
Forum: NoScript Development
Topic: Discussion: Site Specific Permissions Policy
Replies: 165
Views: 70670

Add a script manager feature

Hi Giorgio,
what do you think about adding a script manager to obtain granular control of JavaScript, such as Controle de Scripts?
by mik33mik
Sat May 02, 2009 3:22 pm
Forum: NoScript General
Topic: Latest NoScript version (1.9.2) breaks Adblock Plus
Replies: 325
Views: 199670

Re: Latest NoScript version (1.9.2) breaks Adblock Plus

In Giorgio Maone we trust!

Thanks for this great addon, and thanks for working for our security!

Warm regards :)
by mik33mik
Tue Mar 24, 2009 9:32 pm
Forum: NoScript General
Topic: Blocking of Detecting Private Browsing Mode
Replies: 10
Views: 5001

Re: Blocking of Detecting Private Browsing Mode

Hi,
yes, the eternal struggle: privacy VS functionality, it's a very subjective choice.

About the question concerning RequestPolicy, it doesn't interfere with browser history setting.
by mik33mik
Sun Mar 22, 2009 9:53 pm
Forum: NoScript General
Topic: Blocking of Detecting Private Browsing Mode
Replies: 10
Views: 5001

Re: Blocking of Detecting Private Browsing Mode

The result of the test (Jeremiah Grossman) is "Private Browsing mode is ON" either with private browsing ON, or OFF (it's a false positive). You must check Block History Reads during Non-Tor in torbutton preference. You can also test torbutton with this poc: http://ha.ckers.org/weird/CSS-h...
by mik33mik
Sun Mar 22, 2009 6:49 pm
Forum: NoScript General
Topic: Blocking of Detecting Private Browsing Mode
Replies: 10
Views: 5001

Re: Blocking of Detecting Private Browsing Mode

Hi,
Torbutton addon prevents this issue
by mik33mik
Fri Mar 20, 2009 4:31 pm
Forum: NoScript Support
Topic: HTTPS forbid active web content
Replies: 10
Views: 2454

Re: HTTPS forbid active web content

Thanks!

Thank you ;)