NoScript Sightings

General discussion about the NoScript extension for Firefox
Giorgio Maone
Site Admin
Posts: 9454
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy

Re: NoScript Sightings

Post by Giorgio Maone »

Tom T. wrote:@ Giorgio:
Did you break the link deliberately?
No, I did it accidentally. Fixed, thanks.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
therube
Ambassador
Posts: 7924
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: NoScript Sightings

Post by therube »

(I don't know why you only got a Page 3 billing ;-))

6 Ways to Defend Against Drive-by Downloads
3. Install NoScript on your Firefox browser. NoScript is a free, open source add-on that allows only trusted websites that you choose to run JavaScript, Java and Flash. Brandt says running Firefox with NoScript prevents "a lot" of drive-by downloads. "As far as I can tell, it's the only surefire method of preventing an accidental infection of a Windows PC by exploit-kitted web pages," he wrote on Solera Networks' blog last December.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0a2) Gecko/20120217 Firefox/12.0a2 SeaMonkey/2.9a2
GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA

Re: NoScript Sightings

Post by GµårÐïåñ »

http://donttrack.us/

Lists NoScript as a tool to be used for privacy.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows NT 6.1; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
therube
Ambassador
Posts: 7924
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: NoScript Sightings

Post by therube »

Post mortem report on the sinowal/nu.nl incident « Fox-IT International blog
did the drive-by download also succeed when ff was used with NoScript ?
The drive-by would not have succeeded, as the g.js or gs.js javascript on nu.nl might have worked, because users of nu.nl might have whitelisted the site, but the exploit kit also requires javascript and the loading of a java applet or PDF file, which all requires interaction when using NoScript.
http://blog.fox-it.com/2012/03/16/post-mortem-report-on-the-sinowallnu-nl-incident/
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20120316 Firefox/13.0a2 SeaMonkey/2.10a2
GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA

Re: NoScript Sightings

Post by GµårÐïåñ »

Comment on the popularity of NoScript and the ongoing MemShrink project for Firefox;
http://blog.mozilla.com/nnethercote/201 ... s-week-30/
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0
dhouwn
Bug Buster
Posts: 968
Joined: Thu Mar 19, 2009 12:51 pm

Re: NoScript Sightings

Post by dhouwn »

http://www.romab.com/ironsuite/IronSuite-FAQ.html#section1.5 wrote:What security problems does sandboxing not solve?

We focus on certain aspects on protection - to avoid someone else than you to manipulate software that you use, to control in ways you do not want.
There are no such thing as a catch-all security solution, so, to be very clear -
  • it is not a replacement for noscript + friends. A nasty javascript that does something INSIDE your browser might still be able to hurt you. The objectives of IronSuite is to restrict what an application can do to the surrounding environment, other applications and data. Cross-origin data thefts can still work, so that's why you need things like noscript
  • […]
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko/20100101 Firefox/11.0
DJ-Leith
Senior Member
Posts: 149
Joined: Thu Aug 04, 2011 4:23 pm

Re: NoScript Sightings

Post by DJ-Leith »

With the demise of Firefox 3.6.xx we will all soon be using a browser with HTML5.

In November 2011 Trend Micro published three linked blog posts on
HTML5: The Good, The Bad and The Ugly

I recommend that you read them in order but I can't post the URLs.

http: //blog.trendmicro .com/html5-thegood
http: //blog.trendmicro .com/html5-the-bad
http: //blog.trendmicro .com/html5-the-ugly
At the end of the third post, HTML5 – The Ugly, Robert McArdle says:
... there are two free tools which can offer very good protection:
1. NoScript: The NoScript browser plugin is already well known in security circles. This excellent tool restricts how JavaScript and other plugins run on untrusted sites. ...
I transitioned from Fx 3.6.28 to Fx 11 on 20-April-2012.

DJ-Leith
Mozilla/5.0 (Windows NT 6.0; rv:11.0) Gecko/20100101 Firefox/11.0
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: NoScript Sightings

Post by Tom T. »

DJ-Leith wrote:...I recommend that you read them in order but I can't post the URLs....
I'm curious: Why not? You're an established member here, and the site is hardly spam; it's good tech info.
Did you get blocked when you tried to post them?
DJ-Leith wrote:At the end of the third post, HTML5 – The Ugly, Robert McArdle says:
... there are two free tools which can offer very good protection:
1. NoScript: The NoScript browser plugin is already well known in security circles. This excellent tool restricts how JavaScript and other plugins run on untrusted sites. ...
The second post talks about Clickjacking and XSS, and mentions only some server-side protections against Clickjacking.
It omits that NoScript offers the best and most effective *user* protections available against Clickjacking and XSS, regardless of what the site does or doesn't do.

Did you not find it odd that the series lists Geolocation as both good and bad?
I don't see the good. If I need a site to know where I am (directions to some place), I'll enter it myself, thank you. The other 99.9% of the time, it's just another privacy invasion.

They cite "Web Notifications" as being good, but also an easy tool for phishers, etc.

I can foresee "Drag and drop" being another huge vector for malware installation. I'd like my browser to be like the current advertising campaign (in the US) for holidays to Las Vegas, Nevada: "What happens in Vegas stays in Vegas".
Moi: "What happens in the browser stays in the browser".

You can already move stuff out of your Temp or Temporary Internet Files folders, but that's a very deliberate process. Make it too easy, and I can see a lot of users being misled...

MHO. YMMV.

I guess this is my last day on 3.6.28.... :cry:

Good post, thanks.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.28) Gecko/20120306 Firefox/3.6.28
DJ-Leith
Senior Member
Posts: 149
Joined: Thu Aug 04, 2011 4:23 pm

Re: NoScript Sightings

Post by DJ-Leith »

Tom T. wrote:
DJ-Leith wrote:...I recommend that you read them in order but I can't post the URLs....
I'm curious: Why not? You're an established member here, and the site is hardly spam; it's good tech info.
Did you get blocked when you tried to post them?
Yes, the anti spam blocked the post. Nearly all my posts have links (and I've struggled with the anti spam before).
However, on reviewing my posts it is usually the URLs that are NOT forums.informaction .com or mozilla that trigger the anti spam. I'm very happy that you (the Moderators) try and 'keep the spam links down'.
I'm also happy to use the 'Code brackets'.
However, in this case - even the 'Code brackets' failed: I had to break the links.

Back to the main Topic, Tom T., I agree with all your points.
My intention was to let Robert McArdle speak for himself.
Your comments will, I hope, encourage more folk to read about HTML5. :)
His three posts are well written for an audience that is not too technical. You, I and many readers here, are well
aware that NoScript protects us.
Some of our 'friends and family' may need an introduction to some of these issues.
The reason I posted this now (as opposed to 2011) was to coincide with the end of Fx 3.6.xx.
Tom T. wrote:Good post, thanks.
You are most welcome, thanks for your endorsement.
Mozilla/5.0 (Windows NT 6.0; rv:11.0) Gecko/20100101 Firefox/11.0
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: NoScript Sightings

Post by Tom T. »

(The URL-posting issue was split to Metaforum, "Unable to post URLs in [code] tags" -- Tom T.)

DJ-Leith wrote:....
Your comments will, I hope, encourage more folk to read about HTML5. :)
His three posts are well written for an audience that is not too technical....
Some of our 'friends and family' may need an introduction to some of these issues.
Agree wholeheartedly. Do please pass on those links, and this thread, to all who are willing to read.
DJ-Leith wrote:The reason I posted this now (as opposed to 2011) was to coincide with the end of Fx 3.6.xx.
Another good point. Most non-tech users have no idea that the basic language of the Web, HTML, is different for post-F3 versions of Firefox. 

Most will update (some won't), so yes, very timely to post now. Thanks again.
Last edited by Tom T. on Thu Apr 26, 2012 10:38 am, edited 1 time in total.
Reason: announce split topic, re-word to keep continuity of this thread
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.28) Gecko/20120306 Firefox/11.0
GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA

Re: NoScript Sightings

Post by GµårÐïåñ »

This author tries in vain to give advice on beating NoScript, not knowing his suggestions are USELESS.
http://www.makeuseof.com/tag/3-tactics- ... sers-site/

Not to mention attempts to bundle us as villains.

~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.152 Safari/535.19 Comodo_Dragon/18.1.2.0
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: NoScript Sightings

Post by Tom T. »

GµårÐïåñ wrote:This author tries in vain to give advice on beating NoScript, not knowing his suggestions are USELESS.
http://www.makeuseof.com/tag/3-tactics- ... sers-site/

Not to mention attempts to bundle us as villains.

See this very fine post by an enthusiastic NS supporter.
(And accept your fair share of the praise, my friend. :) )
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.28) Gecko/20120306 Firefox/12.0
dhouwn
Bug Buster
Posts: 968
Joined: Thu Mar 19, 2009 12:51 pm

Re: NoScript Sightings

Post by dhouwn »

An Austrian science and technology show (on a public channel) had a segment on surveillance and privacy, and NoScript is mentioned around the 22nd minute for blocking stuff like Google Analytics scripts: http://tvthek.orf.at/programs/1306-Newton
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0
Thrawn
Master Bug Buster
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia

Re: NoScript Sightings

Post by Thrawn »

GHacks 'Firefox Security Guide' article recommends NoScript to "give you the maximum security and privacy possible."

Several people may be interested/amused by the fact that the author suggests it as a replacement for Adblock Plus.

There's some other security advice there worth noting, too, including a few about:config tweaks.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.

True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:11.0) Gecko/20100101 Firefox/11.0
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: NoScript Sightings

Post by Tom T. »

(At this point, there was a discussion of a recent article about how to defeat ad-blockers and NoScript, and comments thereon. Split as O/T, to Forum Extras > Web Tech, here.)
Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0