InformAction Forums

Hi!

This is my first post here, so excuse me if I do something wrong.

I started using NS, along with ABP, and so far I´m liking it a lot!

I have a couple of questions:

1) How can I activate JUST the images / comments in a page (http://www.clarin.com/politica/nicolas- ... 4j9Sx.html)?
I´ve tried allowing everything, step by step, but it will not work unless all the page is allowed (there is nothing else to allow!), and that also allows ads.

2) Is there a way to know which script or domain I should allow without having to try one by one?

I also use a registered copy of Sandboxie. To my understanding, the possibility of being infected is almost null. I´ve never have an infection in my machine in many years, even when browsing dangerous parts of the web. Anyway, I like NS very much, because it seems to make browsing faster. My last question is:

3) Do I gain anything, as in more security, using NS?

Thank you very much!

1) Can't be done without a lot of effort and digging through page code. NoScript is a security tool, not an ad blocker. And in security, either you trust a site or you don't. So your solution of using an ad blocker to block the ads is probably the best one.

But NoScript does provide surrogate script for some tracking sites, maybe a surrogate needs added/updated. When you visit the site, and allow the minimal required permissions for it to work, can you please post here the full script listing? (Right-click the NoScript Options menu item to copy the list, then use Ctrl-V to paste.)


2) Not really. You can use this method to reduce the amount of trial-and-error - viewtopic.php?p=75314#p75314


3) Yes. I too use NoScript in a sandboxed browser. The sandboxing may help prevent our computers getting infected, but it won't do much about web-based attacks. https://hackademix.net/2012/02/16/sandb ... years-ago/

In addition to blocking scripts, NoScript has XSS filter, ABE, clickjacking protection, HTTPS enforcement, secure cookies management, MIME type enforcing, etc.

barbaz wrote:The sandboxing may help prevent our computers getting infected, but it won't do much about web-based attacks.

Also, this.

barbaz wrote:The sandboxing may help prevent our computers getting infected, but it won't do much about web-based attacks.

Thank you for your answers!

So, by web-based attacks, that means someone getting my credentials to a website I´m already logged in, for example?

Best!

matzen wrote:So, by web-based attacks, that means someone getting my credentials to a website I´m already logged in, for example?

That's one type of web-based attack, yes. It could also involve using your web browser as a vector to compromise your router. Or simply tricking you into clicking stuff an attacker wants you to click.

I'm sure that's not a complete list, but you get the idea.

barbaz wrote:tricking you into clicking stuff an attacker wants you to click.

Like an Amazon 'Buy it Now' button for the attacker's products, or a Facebook 'Like' button...