block b.scorecardresearch.com?
Posted: Wed Oct 13, 2010 2:08 pm
by kukla
(Mac OSX 10.6.4) I was watching the Chilean rescue live in a video link to MSNBC provided by the NYTimes here
http://thelede.blogs.nytimes.com/2010/1 ... miners/?hp
As the video feed was loading, I noticed the following: "transferring data from b.scorcardresearch.com." b.scorcardresearch.com gets a very poor rating from WOT for, among other things, malware. I was not allowing the Times or anything else from the Times. I didn't see the script being blocked by NoScript, probably because the data was being provided through a link. If I allow a feed like this from another site to load, am I without any defenses with NoScript unable to block anything?
I get a little different report from Google Safe Browsing diagnostic (seems it acts as an intermediary for malware):
What is the current listing status for b.scorecardresearch.com?
This site is not currently listed as suspicious.
What happened when Google visited this site?
Of the 6 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-08-05, and suspicious content was never found on this site within the past 90 days.
Malicious software includes 1 trojan(s).
This site was hosted on 39 network(s) including AS20940 (AKAMAI), AS6939 (HURRICANE), AS3549 (Global Crossing Ltd.).
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, b.scorecardresearch.com appeared to function as an intermediary for the infection of 6 site(s) including uncoached.com/, stumbleupon.com/, ostfrallan.com/.
Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.
Re: block b.scorcardresearch.com?
Posted: Wed Oct 13, 2010 4:03 pm
by Alan Baxter
It was probably b.scorecardresearch.com that was being displayed (score instead of scor). Unless you explicitly Allow it, NoScript blocks all scripts and active content from scorecardresearch.com (and scorcardresearch.com too). What you saw was non-active content being loaded, which isn't dangerous. By the way, Adblock Plus blocks all content from scorecardresearch.com for me.
Re: block b.scorcardresearch.com?
Posted: Wed Oct 13, 2010 4:51 pm
by kukla
Alan Baxter wrote: It was probably b.scorecardresearch.com that was being displayed (score instead of scor). Unless you explicitly Allow it, NoScript blocks all scripts and active content from scorecardresearch.com (and scorcardresearch.com too). What you saw was non-active content being loaded, which isn't dangerous. By the way, Adblock Plus blocks all content from scorecardresearch.com for me.
Thanks Alan. Yes that was b.scorecardresearch.com; that was my typo. A few followup questions then if I may: can you explain what "active vs. non-active content" is? In other words, if I don't see the script in the list of scripts from NS, even though in the status bar it appears it's being loaded, it means it's "inactive?" (And with another browser or with NoScript disabled, it would have been fully active and would have loaded? Or does this mean that particular script from that linked site was already inactive even without NoScript blocking it?)
Re: block b.scorcardresearch.com?
Posted: Thu Oct 14, 2010 4:42 am
by Alan Baxter
kukla wrote: can you explain what "active vs. non-active content" is?
Roughly, active content contains executable code: computer instructions which provide additional features to a web page rather than just text and images. Examples of active content are JavaScript and the various plugins such as Java, Flash, Silverlight, PDF viewers, QuickTime, RealPlayer, etc. Active content can potentially exploit any vulnerabilities in Firefox or the active content's plugin. Unfortunately, new vulnerabilities are continually being discovered by the bad guys, so it's best to keep Firefox, your plugins, your operating system, and other programs up to date with their current security fixes; allow active content only from trusted sources; and use NoScript to block active content from all other sources.
Examples of content which isn't active are html, images, and stylesheets.
In other words, if I don't see the script in the list of scripts from NS, even though in the status bar it appears it's being loaded, it means it's "inactive?"
Yes.
(And with another browser or with NoScript disabled, it would have been fully active and would have loaded? Or does this mean that particular script from that linked site was already inactive even without NoScript blocking it?)
It means it wasn't active content in the first place. That's why it wasn't blocked.
Re: block b.scorcardresearch.com?
Posted: Thu Oct 14, 2010 12:36 pm
by kukla
Alan Baxter wrote: Unfortunately, new vulnerabilities are continually being discovered by the bad guys, so it's best to keep Firefox, your plugins, your operating system, and other programs up to date with their current security fixes
Thanks for the reply Alan. A little off topic, but Tiger (10.4) will with the next version of Firefox no longer be supported, meaning no more security updates. I have another older computer running Tiger. I've asked this before, but I'm wondering if I can get another take on this, since it's making me apprehensive. Do you think I'll still be better off continuing to use Firefox, even unsupported, with NoScript, or when this happens, which will be relatively soon, should I consider switching to another browser that is still being updated, even if it means having to drop NoScript? I really depend on NoScript -- there is nothing like NoScript anywhere -- and I'm wondering if it will be mostly able to compensate for the loss of support from Mozilla. The last time I asked, which was last year when Mozilla first announced it was dropping support for Tiger (Tiger itself is no longer being supported by Apple, which makes NoScript even more essential) in the next release of Firefox, Giorgio, if I remember correctly, basically said it was a tough call. Now that the date is looming closer maybe you or Giorgio is in a better position to answer.
If you want to move this over to the Security forum, or ask me to re-post this over there, please feel free to do so.
Posted: Thu Oct 14, 2010 2:39 pm
by Alan Baxter
Don't worry about it for now. Fx 3.6.x will continue to be supported with security updates for at least six months after Fx 4.0 is released, which won't be for at least two or three months. You can safely use NoScript and Fx 3.6.x until then. Let's reevaluate your situation then.
Is Tiger receiving any security updates at all? How safe is it to use the Internet with an unsupported version of Mac OS? As far as I know, Mac OS isn't attacked as voraciously as Windows, so maybe it's an acceptable risk as long as you're very, very careful.
Re: block b.scorecardresearch.com?
Posted: Thu Oct 14, 2010 5:01 pm
by kukla
Nope, there haven't been any security updates for Tiger since Fall '09. (Apple has been updating Safari for Tiger, though.) Some people still using Tiger feel that old code like Tiger's (and fewer users) may actually make it less interesting or vulnerable for exploits. This is cold comfort, however, since this doesn't apply to vulnerabilities across OS versions. The only defense I have, and this may be changing as Macs become more popular, is that OSX is at least for the moment, just not as attractive/profitable as PC/Windows is for the bad guys to exploit. I've read conflicting opinions, but there is the school that doesn't think there is anything necessarily inherently safer about OSX.