You may want to consider verifying whether a domain / subdomain on the said list is valid per:Giorgio Maone wrote:Sorry for the difference with the beta channel, but AMO's signing process is still quite buggy and among other bugs there's one which makes pushin betas for automatic updates way more difficult than doing this for stable versions (quite the opposite of what should be).
Anyway, latest development build with the whitelist-related changes is on noscript.net, and I've asked AMO admins to manually push it for automatic update, but since many are traveling from their Whistler work-week I'm not sure it's gonna happen immediately.
Thanks for your patience.
https://news.ycombinator.com/item?id=9795103
They're referencing this topic:
http://thehackerblog.com/the-noscript-m ... ndcdn-net/
It seems someone was trying to check out the security of noscript and their timing was perfect. They found this thread, but they failed to realize that the URL on this thread and the URL now on NoScript is indeed a typo as someone else on HN noticed. The actual domain / subdomain that should of been white listed: vjs.zencdn.net what was white listed: vjs.zenDcdn.net
I highly recommend verifying domains and subdomains actually exist before adding them because if I can just buy a domain on the white list then all of a sudden I can target multiple attacks towards noscript users.
Edit:
Realized someone else reported the typo at least. Sorry for missing that post. But I still think it should be considered to check domains before they're added, considering how big of a flop it would be if the wrong person got a domain based on a typo.