NoScript Sightings

General discussion about the NoScript extension for Firefox
User avatar
computerfreaker
Senior Member
Posts: 220
Joined: Wed Sep 16, 2009 10:03 pm
Location: USA

Re: NoScript Sightings

Post by computerfreaker »

NoScript is included by default in BackTrack 4.
For those who don't know what BackTrack is, here's a quote from their home page:
BackTrack is a Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking. Regardless if you’re making BackTrack your primary operating system, booting from a LiveDVD, or using your favorite thumbdrive, BackTrack has been customized down to every package, kernel configuration, script and patch solely for the purpose of the penetration tester.
There's only half-a-dozen addons in the "vanilla" BT Firefox, and NoScript is one of them. Quite the compliment, directly from the top security guys.
With great power comes great responsibility.
Learn something new every day, and the rest will take care of itself.
Life is a journey, not a destination. Enjoy the trip!
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Alan Baxter
Ambassador
Posts: 1586
Joined: Fri Mar 20, 2009 4:47 am
Location: Colorado, USA

Re: NoScript Sightings

Post by Alan Baxter »

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Alan Baxter
Ambassador
Posts: 1586
Joined: Fri Mar 20, 2009 4:47 am
Location: Colorado, USA

Re: NoScript Sightings

Post by Alan Baxter »

From In their words: Experts weigh in on Mac vs. PC security | InSecurity Complex - CNET News
Which is more secure for consumers--Mac or PC, and why?
R. Adrian Lamo, threat analyst:
"There's no one-size-fits-all answer to this question. A PC, common sense, and NoScript http://noscript.net/ [Firefox plug-in] will help a user reduce their exposure profile more than a Mac and no common sense + clicking on anything that flashes. But the former isn't because it's a PC, and the latter isn't because it's a Mac."
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
User avatar
Giorgio Maone
Site Admin
Posts: 9454
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:

Re: NoScript Sightings

Post by Giorgio Maone »

Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
User avatar
therube
Ambassador
Posts: 7924
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: NoScript Sightings

Post by therube »

In their words: Experts weigh in on Mac vs. PC security | InSecurity Complex - CNET News

"There's no one-size-fits-all answer to this question. A PC, common sense, and NoScript http://noscript.net/ [Firefox plug-in] will help a user reduce their exposure profile more than a Mac and no common sense + clicking on anything that flashes. But the former isn't because it's a PC, and the latter isn't because it's a Mac."

http://news.cnet.com/8301-27080_3-10444561-245.html
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.8pre) Gecko/20100131 SeaMonkey/2.0.3pre
User avatar
Giorgio Maone
Site Admin
Posts: 9454
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:

Re: NoScript Sightings

Post by Giorgio Maone »

Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Alan Baxter
Ambassador
Posts: 1586
Joined: Fri Mar 20, 2009 4:47 am
Location: Colorado, USA

Re: NoScript Sightings

Post by Alan Baxter »

Giorgio Maone of NoScript
Job: Consultant
Why: Controls NoScript
Impact: Nearly every security researcher on the
planet – complete compromise. In general the
most paranoid people on earth would be
compromised.
Hey! Who's RSnake calling paranoid? :o
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
User avatar
GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA
Contact:

Re: NoScript Sightings

Post by GµårÐïåñ »

It's NOT paranoia when EVERYONE is actually out to get you. :twisted:
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7
Alan Baxter
Ambassador
Posts: 1586
Joined: Fri Mar 20, 2009 4:47 am
Location: Colorado, USA

Re: NoScript Sightings

Post by Alan Baxter »

:D
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
User avatar
Giorgio Maone
Site Admin
Posts: 9454
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:

Re: NoScript Sightings

Post by Giorgio Maone »

M86Security: Malware and social network attacks surge in '09
How can people better protect themselves against the growing tide of malware? Aside from the typical advice of keeping your security software updated and not clicking on links in an e-mail, M86 recommends that people use the NoScript extension in Firefox, which limits the execution of JavaScript code and installs browser extensions that can display shortened URLs as their full addresses.
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Alan Baxter
Ambassador
Posts: 1586
Joined: Fri Mar 20, 2009 4:47 am
Location: Colorado, USA

Re: NoScript Sightings

Post by Alan Baxter »

I suppose this may not be limited to NoScript. I don't know. But I sure thought of NoScript when I saw this:
http://www.ted.com/talks/sam_harris_sci ... right.html
If your browser allows only "trusted sites" to execute Javascript, you should add the "googleapis.com" domain to your whitelist to allow our Flash detection to work properly.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.2) Gecko/20100316 Firefox/3.6.2
User avatar
Giorgio Maone
Site Admin
Posts: 9454
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:

Re: NoScript Sightings

Post by Giorgio Maone »

http://blogs.computerworld.com/15815/ca ... ne_banking
Computerworld wrote: Jay McLaughlin has me worried. I do my online banking from the same home computer the rest of the family uses for Web surfing and online games. I have the McAfee security suite loaded and do regular scans so accessing online banking should be protected. Right?

Not really, says McLaughlin, a Certified Information Security Professional and CIO of CNL Bank. Accessing online banking from your everyday PC is just asking for trouble, he says.

[...]

He thinks that security suites are increasingly ineffective at keeping up with threats from organized crime rings abroad, such as the Russian Business Network. Right now business users are feeling the heat, but he says consumers are being targeted as well. He's so worried about drive by downloads, in fact, that he uses Firefox with the Noscript plug-in, which won't allow any JavaScript to execute on his PC without his explicit permission.
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2.2) Gecko/20100316 Firefox/3.6.2
User avatar
Giorgio Maone
Site Admin
Posts: 9454
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:

Re: NoScript Sightings

Post by Giorgio Maone »

https://www.eff.org/deeplinks/2010/05/e ... nopticlick
Is Every Browser Unique? Results Fom The Panopticlick Experiment wrote: While almost all browsers are uniquely fingerprintable, there were four special categories that were comparatively resistant to fingerprinting:

1. Those with JavaScript disabled (possibly using a tool like NoScript)
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3
User avatar
Giorgio Maone
Site Admin
Posts: 9454
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:

Re: NoScript Sightings

Post by Giorgio Maone »

BBC News, http://news.bbc.co.uk/2/hi/technology/10224434.stm:
[quote="BBC - Facebook "clickjacking" spreads across site"]
A free plug-in called NoScript, built for the Firefox web browser, includes pop-up warnings about potential clickjacks.

However, it will also query clicks on Flash videos, commonly used on many websites - and it is not easy to install, said Mr Cluley.

"You have to be a little bit nerdy to configure it."
[/quote]
Congrats everybody for your nerdiness, guys & gals here :)
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3
User avatar
GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA
Contact:

Re: NoScript Sightings

Post by GµårÐïåñ »

LMAO, nerdy? Are you kidding me? I know ALOT of people who use this lovely addon with little to no real knowledge of technology and often don't even change the default behavior and benefit from it. I hate it when they paint something in a light that would discourage the average user to give it a try. But hey, at least they mentioned it and that's something. Congrats Giorgio.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3
Post Reply