Search found 18 matches
- Fri May 28, 2010 8:41 am
- Forum: Security
- Topic: HTTPS Everywhere Firefox addon
- Replies: 8
- Views: 12749
HTTPS Everywhere Firefox addon
http://archives.seul.org/or/talk/May-2010/msg00293.html From: Mike Perry Peter Eckersley of the EFF and I wrote this addon this past week to make it easier to use Google's SSL search feature, among other mixed-mode SSL sites: https://www.eff.org/https-everywhere/ The addon is based on the NoScript S...
- Thu Feb 18, 2010 10:23 am
- Forum: NoScript Support
- Topic: Firefox vulnerability keygen tag VS NoScript
- Replies: 4
- Views: 3754
- Fri Aug 07, 2009 5:23 pm
- Forum: Security
- Topic: Abusing Firefox Addons
- Replies: 6
- Views: 5036
Re: Abusing Firefox Addons
Hi Giorgio, have you read the presentation? NoScript has been mentioned in a negative way in this paper: -NoScript/AdBlockPlus provides false sense of security -chrome:// URI whitelisted on NoScript, any XSS injection there is not blocked Any input rendered in chrome is a potential XSS injection poi...
- Thu Jul 30, 2009 4:05 pm
- Forum: NoScript General
- Topic: NoScript Sightings
- Replies: 155
- Views: 716263
Re: NoScript Sightings
Eduardo Vela Nava, David Lindsay @ Black Hat:
Our Favorite XSS Filters and How to Attack Them
Presentation (pdf)
They have shown how bypass NoScript XSS filter
Our Favorite XSS Filters and How to Attack Them
Presentation (pdf)
They have shown how bypass NoScript XSS filter
- Thu Jun 18, 2009 12:06 pm
- Forum: Security
- Topic: Is this fishy script?
- Replies: 4
- Views: 4206
Re: Is this fishy script?
It's an obfuscated malicious script, in an invisible iframe, that redirect to a .cn site with a frame containing a porn site. This porn site has a javascript that redirect to a web server containing various exploits for adobe pdf reader, and flash player. If the exploit is successful, your machine w...
- Sun Jun 07, 2009 7:31 pm
- Forum: NoScript General
- Topic: What about this info?
- Replies: 2
- Views: 2168
Re: What about this info?
Hi, this is very old. Giorgio has fixed this issue with NoScript version 1.8.1.9 Changelog: http://noscript.net/changelog v 1.8.1.9 + Opacized objects are forced to a minimum size of 50x50 pixels + Opacized iframes get automatic scrollbars when content overflows (thanks RSnake for discussion) + Enha...
- Sat Jun 06, 2009 2:39 pm
- Forum: Security
- Topic: Tor (split from NoScript Didn't Block Rogue Site)
- Replies: 14
- Views: 11130
Re: Tor (split from NoScript Didn't Block Rogue Site)
This is an interesting read: http://www.wilderssecurity.com/showthread.php?t=244078 SteveTX (Steve Topletz) said that his deanonymizer can unmask TOR and many VPN services. He will release this tool in August, with a Wordpress plugin that uses an iframe to attack the user. It seem this tool can perf...
- Fri May 29, 2009 10:40 am
- Forum: NoScript Support
- Topic: Firefox vulnerability keygen tag VS NoScript
- Replies: 4
- Views: 3754
Firefox vulnerability keygen tag VS NoScript
http://blog.zoller.lu/2009/04/advisory- ... rvice.html
When I click the done button in the poc page, the attack is successful, even if noscript blocks all the script in that page.
When I click the done button in the poc page, the attack is successful, even if noscript blocks all the script in that page.
- Tue May 26, 2009 6:10 pm
- Forum: Security
- Topic: Abusing Firefox Addons
- Replies: 6
- Views: 5036
Abusing Firefox Addons
Defcon 17 Abusing Firefox Addons Roberto Suggi Liverani Senior Security Consultant, Security-Assessment.com Nick Freeman Security Consultant, Security-Assessment.com Hundreds of Firefox addons are created every week. Millions of users download them. Some addons are even recommended by the Mozilla c...
- Wed May 13, 2009 2:48 pm
- Forum: NoScript Development
- Topic: Discussion: Site Specific Permissions Policy
- Replies: 165
- Views: 114169
Add a script manager feature
Hi Giorgio,
what do you think about to add a script manager to obtain a granular control of Javascript such as Controle de Scripts?
what do you think about to add a script manager to obtain a granular control of Javascript such as Controle de Scripts?
- Sat May 02, 2009 3:22 pm
- Forum: NoScript General
- Topic: Latest NoScript version (1.9.2) breaks Adblock Plus
- Replies: 325
- Views: 333429
Re: Latest NoScript version (1.9.2) breaks Adblock Plus
In Giorgio Maone we trust!
Thanks for this great addon, and thanks for working for our security!
Un caloroso saluto
Thanks for this great addon, and thanks for working for our security!
Un caloroso saluto
- Tue Mar 24, 2009 9:32 pm
- Forum: NoScript General
- Topic: Blocking of Detecting Private Browsing Mode
- Replies: 10
- Views: 9237
Re: Blocking of Detecting Private Browsing Mode
Hi,
yes, the eternal struggle: privacy VS functionality, it's a very subjective choice.
About the question concerning RequestPolicy, it doesn't interfere with browser history setting.
yes, the eternal struggle: privacy VS functionality, it's a very subjective choice.
About the question concerning RequestPolicy, it doesn't interfere with browser history setting.
- Sun Mar 22, 2009 9:53 pm
- Forum: NoScript General
- Topic: Blocking of Detecting Private Browsing Mode
- Replies: 10
- Views: 9237
Re: Blocking of Detecting Private Browsing Mode
The result of the test (Jeremiah Grossman) is "Private Browsing mode is ON" either with private browsing ON, or OFF (it's a false positive). You must check Block History Reads during Non-Tor in torbutton preference. You can also test torbutton with this poc: http://ha.ckers.org/weird/CSS-h...
- Sun Mar 22, 2009 6:49 pm
- Forum: NoScript General
- Topic: Blocking of Detecting Private Browsing Mode
- Replies: 10
- Views: 9237
Re: Blocking of Detecting Private Browsing Mode
Hi,
Torbutton addon prevents this issue
Torbutton addon prevents this issue
- Fri Mar 20, 2009 4:31 pm
- Forum: NoScript Support
- Topic: HTTPS forbid active web content
- Replies: 10
- Views: 6654
Re: HTTPS forbid active web content
Thanks!
Grazie
Grazie