Re: NoScript Sightings
Posted: Wed Jan 11, 2012 10:23 am
No, I did it accidentally. Fixed, thanks.Tom T. wrote:@ Giorgio:
Did you break the lnk deliberately?
NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/
No, I did it accidentally. Fixed, thanks.Tom T. wrote:@ Giorgio:
Did you break the lnk deliberately?
3. Install NoScript on your Firefox browser. NoScript is a free, open source add-on that allows only trusted websites that you choose to run JavaScript, Java and Flash. Brandt says running Firefox with NoScript prevents "a lot" of drive-by downloads. "As far as I can tell, it's the only surefire method of preventing an accidental infection of a Windows PC by exploit-kitted web pages," he wrote on Solera Networks' blog last December.
http://blog.fox-it.com/2012/03/16/post-mortem-report-on-the-sinowallnu-nl-incident/did the drive-by download also succeed when ff was used with NoScript ?
The drive-by would not have succeeded, as the g.js or gs.js javascript on nu.nl might have worked, because users of nu.nl might have whitelisted the site, but the exploit kit also requires javascript and the loading of a java applet or PDF file, which all requires interaction when using NoScript.
http://www.romab.com/ironsuite/IronSuite-FAQ.html#section1.5 wrote:What security problems does sandboxing not solve?
We focus on certain aspects on protection - to avoid someone else than you to manipulate software that you use, to control in ways you do not want.
There are no such thing as a catch-all security solution, so, to be very clear -
- it is not a replacement for noscript + friends. A nasty javascript that does something INSIDE your browser might still be able to hurt you. The objectives of IronSuite is to restrict what an application can do to the surrounding environment, other applications and data. Cross-origin data thefts can still work, so thats why you need things like noscript
- […]
Code: Select all
http: //blog.trendmicro .com/html5-thegood
http: //blog.trendmicro .com/html5-the-bad
http: //blog.trendmicro .com/html5-the-ugly
I transitioned from Fx 3.6.28 to Fx 11 on 20-April-2012.... there are two free tools which can offer very good protection:
1. NoScript: The NoScript browser plugin is already well known in security circles. This excellent tool restricts how JavaScript and other plugins run on untrusted sites. ...
I'm curious: Why not? You're an established member here, and the site is hardly spam; it's good tech info.DJ-Leith wrote:...I recommend that you read them in order but I can't post the URLs....
The second post talks about Clickjacking and XSS, and mentions only some server-side protections against Clickjacking.DJ-Leith wrote:At the end of the third post, HTML5 – The Ugly, Robert McArdle says:... there are two free tools which can offer very good protection:
1. NoScript: The NoScript browser plugin is already well known in security circles. This excellent tool restricts how JavaScript and other plugins run on untrusted sites. ...
Yes, the anti spam blocked the post. Nearly all my posts have links (and I've struggled with the anti spam before).Tom T. wrote:I'm curious: Why not? You're an established member here, and the site is hardly spam; it's good tech info.DJ-Leith wrote:...I recommend that you read them in order but I can't post the URLs....
Did you get blocked when you tried to post them?
You are most welcome, thanks for your endorsement.Tom T. wrote:Good post, thanks.
Code: Select all
tags"[/url] -- Tom T.)[/i]
[quote="DJ-Leith"]....
[b]Your comments will, I hope, encourage more folk to read about HTML5.[/b] :)
His three posts are well written for an audience that is not too technical....
Some of our 'friends and family' may need an introduction to some of these issues.[/quote]
Agree wholeheartedly. Do please pass on those links, and this thread, to all who are willing to read.
[quote="DJ-Leith"]The reason I posted this now (as opposed to 2011) was to coincide with the end of Fx 3.6.xx.[/quote]
Another good point. Most non-tech users have no idea that the basic language of the Web, HTML, is different for post-F3 versions of Firefox.
Most will update (some won't), so yes, very timely to post now. Thanks again.
See this very fine post by an enthusiastic NS supporter.GµårÐïåñ wrote:This author tries in vane to give advise on beating NoScript, not knowing his suggestions are USELESS.
http://www.makeuseof.com/tag/3-tactics- ... sers-site/
Not to mention attempts to bundle us as villains.