Search found 9272 matches

by Giorgio Maone
Fri May 29, 2009 8:23 pm
Forum: NoScript Support
Topic: Doubleclick gets through?
Replies: 19
Views: 10524

Re: Doubleclick gets through?

therube wrote:(I don't think that is the "profile" you intended? Perhaps Profiling practices?)
The wrong auto-linking happened because of a GreaseMonkey script I use to speedup my posting here :P
by Giorgio Maone
Fri May 29, 2009 7:58 pm
Forum: NoScript Support
Topic: Doubleclick gets through?
Replies: 19
Views: 10524

Re: Doubleclick gets through?

Then they would have known I had visited youtube and what page I'd looked at. That's what that link is for. Is that right? No, not necessarily. You asked if it could be used to track you, but that's very unlikely their main purpose. Doubleclick is an advertising company, so the main purpose of the ...
by Giorgio Maone
Fri May 29, 2009 7:39 pm
Forum: NoScript Support
Topic: Update SYSTEM.abe
Replies: 9
Views: 4124

Re: Update SYSTEM.abe

@mr greenhatch:

Yes, thanks to the following built-in rule (in the SYSTEM ruleset), it protects from any attack of the Internet->Intranet CSRF class:

Code: Select all

Site LOCAL
Accept from LOCAL
Deny
This one, for instance, no matter if the attacker site has JavaScript enabled or not.
by Giorgio Maone
Fri May 29, 2009 5:32 pm
Forum: NoScript Support
Topic: Doubleclick gets through?
Replies: 19
Views: 10524

Re: Doubleclick gets through?

And in the case of DC that information could and would be used, I suppose, for tracking? Yes, but your IP alone is not enough for effective profiling (many users can share the same IP), and therefore it won't be used for tracking unless other data is available for identification (see below). So, th...
by Giorgio Maone
Fri May 29, 2009 4:40 pm
Forum: NoScript Support
Topic: Doubleclick gets through?
Replies: 19
Views: 10524

Re: Doubleclick gets through?

If it's not "transferring code," you seem to be saying its harmless. Is that right? Well, not exactly. With every HTTP data transfer some information is sent: Your IP The address of the page you're visiting Some details about your browser configuration All of this info, except the IP, can...
by Giorgio Maone
Fri May 29, 2009 4:19 pm
Forum: NoScript Support
Topic: Doubleclick gets through?
Replies: 19
Views: 10524

Re: Doubleclick gets through?

But please explain what's happening when I see "transferring data from doubleclick.net" in the status bar? Is that a script, and if so, shouldn't NS be blocking it? "Transferring data" means exactly that, data (not necessarily code) is being transferred. It can be an image, an i...
by Giorgio Maone
Fri May 29, 2009 4:11 pm
Forum: NoScript Support
Topic: Firefox vulnerability keygen tag VS NoScript
Replies: 4
Views: 4046

Re: Firefox vulnerability keygen tag VS NoScript

Where are the scripts, I don't see any? (At least not at http://secdev.zoller.lu/ff_dos_keygen.html) onload="document.forms[0].submit()" It's JavaScript, and it means that as soon as the page loads, the first form in the page gets submitted automatically. NoScript prevents this script fro...
by Giorgio Maone
Fri May 29, 2009 4:08 pm
Forum: NoScript General
Topic: Icon Meaning Clarification
Replies: 7
Views: 4546

Re: Icon Meaning Clarification

So more simply perhaps ... For whatever reason, I have whitelisted (Allowed) badsite1.com & badsite2.com & badsite3.com. Now I go & visit disney.com. I have NOT Allowed disney. Disney is harboring scripts from badsite1 & badsite2 & badsite3. Since I have NOT allowed disney, I am...
by Giorgio Maone
Fri May 29, 2009 12:55 pm
Forum: NoScript General
Topic: Icon Meaning Clarification
Replies: 7
Views: 4546

Re: Icon Meaning Clarification

Yes it is. When the main document is not in your whitelist, scripts imported with <SCRIPT src="some-other-domain.js"></SCRIPT> are not loaded at all, and even if they were loaded, couldn't execute anyway because their hosting "docshell" has JavaScript disabled. That's why I sligh...
by Giorgio Maone
Fri May 29, 2009 10:54 am
Forum: NoScript Support
Topic: Firefox vulnerability keygen tag VS NoScript
Replies: 4
Views: 4046

Re: Firefox vulnerability keygen tag VS NoScript

Not exactly. Half of the "PoC" (key generation) works, because the keygen element is designed to work without scripts. However the part where he forces the form to be submitted in the onload event, causing an endless loop (the form gets submitted and the keygen process restarts) fails, bec...
by Giorgio Maone
Fri May 29, 2009 12:26 am
Forum: NoScript Development
Topic: [COOKIES STILL NOT FIXED] forcing https broken in ff2
Replies: 16
Views: 11114

Re: [NOT TOTALLY FIXED] forcing https broken in ff2

@Tom T.:
did you try to clear your previously set cookies first?
by Giorgio Maone
Thu May 28, 2009 5:21 pm
Forum: FlashGot Support
Topic: Please, stop updating the addon every 3 days
Replies: 13
Views: 8159

Re: Please, stop updating the addon every 3 days (suggestion)

Anon wrote:What about an option in the menu to either enable/disable (by checkbox {default on})
NoScript Options|Notifications|Display the release notes on updates, see FAQ 2.5.
by Giorgio Maone
Thu May 28, 2009 5:19 pm
Forum: NoScript Support
Topic: Noscript and TidyRead
Replies: 2
Views: 1769

Re: Noscript and TidyRead

If the page you're watching is allowed (Temporarily allow) and tinyread.com is allowed, the bookmarklet should work. Current NoScript version can run the TidyRead bookmarklet on untrusted pages as well as long as you've got tinyread.com in your whitelist, but with an important limitation: after the ...
by Giorgio Maone
Thu May 28, 2009 4:25 pm
Forum: FlashGot Support
Topic: gwget + flashgot all
Replies: 5
Views: 4739

Re: gwget + flashgot all

@ ubuntu user : please ignore therube's last post, he was referring to the general behavior of most FlashGot download manager adapters. The gwGet's is a special one, since gwGet accepts only one URL on the command line but inherits the recursive features of wGet. Therefore, in the "FlashGot All...
by Giorgio Maone
Thu May 28, 2009 3:36 pm
Forum: FlashGot Support
Topic: canot download covers
Replies: 4
Views: 3803

Re: canot download covers

How are your cookie settings in FlashGot Options|Privacy, in Internet Explorer and in FlashGet (since FlashGet doesn't support direct cookie passing, FlashGot passes them to IE where FlashGet can read them, then deletes them).