Scary

Talk about internet security, computer security, personal security, your social security number...
Post Reply
cocoapuff
Posts: 18
Joined: Mon Mar 07, 2011 10:31 am

Scary

Post by cocoapuff » Tue May 17, 2011 10:04 am

The way I had been using NoScript was, disallow Javascript by default on every new web page. Then, after I come to the conclusion that the website is legitimate, whitelist it. Now comes a report from a security researcher that even well-known websites from reputable publishers may spread malware.

http://research.zscaler.com/2011/05/gee ... t-kit.html

That is troubling. The threat can be mitigated by making sure to keep everything updated all the time, so that any known vulnerabilities are patched.

But it raises the question whether Javascript is simply too risky and should be turned off everywhere. However, some websites are simply broken without Javascript. Ideally web pages should "fail gracefully" when viewed with JS off, but quite often it's an "all-or-nothing" thing.
Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.2.17) Gecko/20110420 Firefox/3.6.17

User avatar
therube
Ambassador
Posts: 7528
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: Scary

Post by therube » Tue May 17, 2011 2:04 pm

> even well-known websites from reputable publishers may spread malware

Of course. Could be anywhere, even here. They get hacked, a malicious ad, whatever.

> Javascript ... should be turned off everywhere

That works. Except for a very select few sites, it's off.

> some websites are simply broken without Javascript

True. But you get to know, or get a feel, when you'll need to allow something.

> web pages should "fail gracefully"

Ah, utopia. But then they'd just code malware to not need JavaScript. Would be harder, but they would still do it.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14

Alan Baxter
Ambassador
Posts: 1586
Joined: Fri Mar 20, 2009 4:47 am
Location: Colorado, USA

Re: Scary

Post by Alan Baxter » Tue May 17, 2011 2:14 pm

From http://research.zscaler.com/2011/05/gee ... t-kit.html
The malicious Iframe redirects victims to a malicious website hosting an exploit kit.

I've bolded the relevant quote from the article you linked, cocoapuff. Allowing geek.com would not have let the exploit through. In this case, you're sufficiently protected by using a fully patched Firefox (and maybe operating system too?) or not allowing malicious third-party domains. This issue is an example of why I warn people off blindly Allow or Temporarily Allow all this page.
Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1

cocoapuff
Posts: 18
Joined: Mon Mar 07, 2011 10:31 am

Re: Scary

Post by cocoapuff » Tue May 17, 2011 2:23 pm

Alan Baxter wrote:Allowing geek.com would not have let the exploit through.

Thank you for this important clarification. I hope I hadn't offended il dottore Maone by implying that I use NoScript just as a dumb toggle to turn Javascript off/on, I realize it's much, much more powerful than that. :)
Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.2.17) Gecko/20110420 Firefox/3.6.17

Alan Baxter
Ambassador
Posts: 1586
Joined: Fri Mar 20, 2009 4:47 am
Location: Colorado, USA

Re: Scary

Post by Alan Baxter » Tue May 17, 2011 2:39 pm

You're welcome. I think I use my NoScript permissions pretty much like therube described above. If I need to allow javascript to activate some of the features I need on a trusted site, I'll manually Allow it to use javascript without any worry. If it's a site a visit often, I'll Allow it permanently.

I do not advise checking NoScript Options > General > Temporarily allow top-level sites by default. Some sites are hacked in such a way that you're redirected to a malicious top-level site. Many of the fake av sites are spread that way. I also keep my system and applications up to date with security patches. This will prevent most exploits from working even if they ever happen to get through somehow.
Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1

Davezilla
Junior Member
Posts: 48
Joined: Fri Jan 29, 2010 5:20 pm

Re: Scary

Post by Davezilla » Fri Jun 17, 2011 1:53 pm

Alan Baxter wrote:Some sites are hacked in such a way that you're redirected to a malicious top-level site.


Now, that is worrying. Do you think that the SeaMonkey 'Warn me when websites try to redirect or reload the page' feature can combat that somewhat (using NoScript as well of course).
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20110608 Firefox/4.0.1 SeaMonkey/2.1

User avatar
therube
Ambassador
Posts: 7528
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: Scary

Post by therube » Mon Aug 29, 2011 8:47 pm

Do you have NoScript Options > General > Temporarily allow top-level sites by default enabled?
If not, then unless you happen to have the particular domain allowed which it redirected to (& presumably you would not), then it shouldn't be a concern.

The redirect block could be effective - for other reasons.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 6.1; rv:9.0a1) Gecko/20110826 Firefox/9.0a1 SeaMonkey/2.6a1

Post Reply