Search found 18 matches

by mik33mik
Fri May 28, 2010 8:41 am
Forum: Security
Topic: HTTPS Everywhere Firefox addon
Replies: 8
Views: 12735

HTTPS Everywhere Firefox addon

http://archives.seul.org/or/talk/May-2010/msg00293.html From: Mike Perry Peter Eckersley of the EFF and I wrote this addon this past week to make it easier to use Google's SSL search feature, among other mixed-mode SSL sites: https://www.eff.org/https-everywhere/ The addon is based on the NoScript S...
by mik33mik
Fri Aug 07, 2009 5:23 pm
Forum: Security
Topic: Abusing Firefox Addons
Replies: 6
Views: 5031

Re: Abusing Firefox Addons

Hi Giorgio, have you read the presentation? NoScript has been mentioned in a negative way in this paper: -NoScript/AdBlockPlus provides false sense of security -chrome:// URI whitelisted on NoScript, any XSS injection there is not blocked Any input rendered in chrome is a potential XSS injection poi...
by mik33mik
Thu Jul 30, 2009 4:05 pm
Forum: NoScript General
Topic: NoScript Sightings
Replies: 155
Views: 698483

Re: NoScript Sightings

Eduardo Vela Nava, David Lindsay @ Black Hat:
Our Favorite XSS Filters and How to Attack Them

Presentation (pdf)

They have shown how bypass NoScript XSS filter
by mik33mik
Thu Jun 18, 2009 12:06 pm
Forum: Security
Topic: Is this fishy script?
Replies: 4
Views: 4144

Re: Is this fishy script?

It's an obfuscated malicious script, in an invisible iframe, that redirect to a .cn site with a frame containing a porn site. This porn site has a javascript that redirect to a web server containing various exploits for adobe pdf reader, and flash player. If the exploit is successful, your machine w...
by mik33mik
Sun Jun 07, 2009 7:31 pm
Forum: NoScript General
Topic: What about this info?
Replies: 2
Views: 2158

Re: What about this info?

Hi, this is very old. Giorgio has fixed this issue with NoScript version 1.8.1.9 Changelog: http://noscript.net/changelog v 1.8.1.9 + Opacized objects are forced to a minimum size of 50x50 pixels + Opacized iframes get automatic scrollbars when content overflows (thanks RSnake for discussion) + Enha...
by mik33mik
Sat Jun 06, 2009 2:39 pm
Forum: Security
Topic: Tor (split from NoScript Didn't Block Rogue Site)
Replies: 14
Views: 11105

Re: Tor (split from NoScript Didn't Block Rogue Site)

This is an interesting read: http://www.wilderssecurity.com/showthread.php?t=244078 SteveTX (Steve Topletz) said that his deanonymizer can unmask TOR and many VPN services. He will release this tool in August, with a Wordpress plugin that uses an iframe to attack the user. It seem this tool can perf...
by mik33mik
Fri May 29, 2009 10:40 am
Forum: NoScript Support
Topic: Firefox vulnerability keygen tag VS NoScript
Replies: 4
Views: 3752

Firefox vulnerability keygen tag VS NoScript

http://blog.zoller.lu/2009/04/advisory- ... rvice.html

When I click the done button in the poc page, the attack is successful, even if noscript blocks all the script in that page.
by mik33mik
Tue May 26, 2009 6:10 pm
Forum: Security
Topic: Abusing Firefox Addons
Replies: 6
Views: 5031

Abusing Firefox Addons

Defcon 17 Abusing Firefox Addons Roberto Suggi Liverani Senior Security Consultant, Security-Assessment.com Nick Freeman Security Consultant, Security-Assessment.com Hundreds of Firefox addons are created every week. Millions of users download them. Some addons are even recommended by the Mozilla c...
by mik33mik
Wed May 13, 2009 2:48 pm
Forum: NoScript Development
Topic: Discussion: Site Specific Permissions Policy
Replies: 165
Views: 113693

Add a script manager feature

Hi Giorgio,
what do you think about to add a script manager to obtain a granular control of Javascript such as Controle de Scripts?
by mik33mik
Sat May 02, 2009 3:22 pm
Forum: NoScript General
Topic: Latest NoScript version (1.9.2) breaks Adblock Plus
Replies: 325
Views: 331964

Re: Latest NoScript version (1.9.2) breaks Adblock Plus

In Giorgio Maone we trust!

Thanks for this great addon, and thanks for working for our security!

Un caloroso saluto :)
by mik33mik
Tue Mar 24, 2009 9:32 pm
Forum: NoScript General
Topic: Blocking of Detecting Private Browsing Mode
Replies: 10
Views: 9177

Re: Blocking of Detecting Private Browsing Mode

Hi,
yes, the eternal struggle: privacy VS functionality, it's a very subjective choice.

About the question concerning RequestPolicy, it doesn't interfere with browser history setting.
by mik33mik
Sun Mar 22, 2009 9:53 pm
Forum: NoScript General
Topic: Blocking of Detecting Private Browsing Mode
Replies: 10
Views: 9177

Re: Blocking of Detecting Private Browsing Mode

The result of the test (Jeremiah Grossman) is "Private Browsing mode is ON" either with private browsing ON, or OFF (it's a false positive). You must check Block History Reads during Non-Tor in torbutton preference. You can also test torbutton with this poc: http://ha.ckers.org/weird/CSS-h...
by mik33mik
Sun Mar 22, 2009 6:49 pm
Forum: NoScript General
Topic: Blocking of Detecting Private Browsing Mode
Replies: 10
Views: 9177

Re: Blocking of Detecting Private Browsing Mode

Hi,
Torbutton addon prevents this issue
by mik33mik
Fri Mar 20, 2009 4:31 pm
Forum: NoScript Support
Topic: HTTPS forbid active web content
Replies: 10
Views: 6559

Re: HTTPS forbid active web content

Thanks!

Grazie ;)