
[CLOSED] Temporarily Block All

Posted: Tue Nov 08, 2011 4:46 pm
by Onihikage
Recently, a webcomic I follow was apparently hacked, and malicious code injected into the site. Firefox warned me about it because it had been blacklisted, but it made me think that, for cases when I'm warned that a site I already trust has been attacked, I'd like to have an option to disallow scripts globally. Otherwise I have to go into the whitelist and remove the related URLs, and will have to add them later when the hacks have been mended. When scripts are disallowed globally, we could still see which ones would normally be enabled/disabled, and enable/disable them from the menu, but regardless of changes, no scripts will run until this mode is turned off. Perhaps you could call it "Safe Mode" because it's sort of a return to the default, beginning settings so that settings can be changed from relative safety.

Re: Temporarily Block All

Posted: Wed Nov 09, 2011 8:36 am
by Tom T.
This FAQ may ease your concerns.

According to NoScript Developer Giorgio Maone, 99.9%+ of the attacks you describe are of the type covered by that FAQ and the protections it provides.

For the maximum possible protection, on NoScript > Options > Embeddings page, check *everything*. This will cause a bit of inconvenience from time to time, in having to allow additional things (Flash videos, etc.) even at your whitelisted sites, but for the super-cautious, or super-paranoid, (I confess to both ;) ) the degree of protection is a favorable trade-off. IMHO. YMMV.
Onihikage wrote:Perhaps you could call it "Safe Mode" because it's sort of a return to the default, beginning settings...
Actually, the default whitelist has grown a bit over the years, because of complaints from non-tech users that the most popular sites - Google, Yahoo, etc. -- didn't work. Or they just gave up and uninstalled NS. Naturally, you can delete from the default whitelist anything you like. But please know that even these giants have been exploited from time to time. Hence the protection described above. But by all means, trim your whitelist to keep it as small as possible, while not being too inconvenient.

Re: Temporarily Block All

Posted: Wed Nov 09, 2011 6:12 pm
by Onihikage
Tom T. wrote:This FAQ may ease your concerns.

According to NoScript Developer Giorgio Maone, 99.9%+ of the attacks you describe are of the type covered by that FAQ and the protections it provides.

For the maximum possible protection, on NoScript > Options > Embeddings page, check *everything*. This will cause a bit of inconvenience from time to time, in having to allow additional things (Flash videos, etc.) even at your whitelisted sites, but for the super-cautious, or super-paranoid, (I confess to both ;) ) the degree of protection is a favorable trade-off. IMHO. YMMV.
Onihikage wrote:Perhaps you could call it "Safe Mode" because it's sort of a return to the default, beginning settings...
Actually, the default whitelist has grown a bit over the years, because of complaints from non-tech users that the most popular sites - Google, Yahoo, etc. -- didn't work. Or they just gave up and uninstalled NS. Naturally, you can delete from the default whitelist anything you like. But please know that even these giants have been exploited from time to time. Hence the protection described above. But by all means, trim your whitelist to keep it as small as possible, while not being too inconvenient.
I see. Thanks for the info.

Re: Temporarily Block All

Posted: Thu Nov 10, 2011 1:34 am
by Tom T.
You're very welcome. I'm glad that the information was helpful.

Re: [CLOSED] Temporarily Block All

Posted: Thu Nov 10, 2011 4:35 am
by Tom T.
If you're still subscribed to this topic, or otherwise see this, you might be interested in this recent topic, in which someone posts code that creates what looks like a link to Google. If you hover the mouse over the link, it shows Google's address in the lower-left status bar. Yet clicking it would take you to the programmer's site. It's just a demonstration, but for a real evildoer, this could trick many users into being sent to a malicious site that could do -- whatever. :o

Yet as you'll see in the thread, even if you have all scripting from Google allowed, NoScript defeats this attack by default. You don't have to do anything. In fact, the only way it works against a NS user is if you allow this strange third-party site that would show in the NS menu, when you think you're going to Google.
In the worst case, the attempted redirect is blocked, and you get a conspicuous warning telling you what is the real destination, and do you want to allow it? (Of course not.) It's not quite the same issue as you posted, but the idea of malicious code is still there.

You can see that those who don't use NoScript, or who use browsers that don't support NS, may be very vulnerable, depending on what, if any, protection their browsers offer. Seeing the actual attack, and seeing it blocked by NS -- if one picture is worth a thousand words, then one experience is worth a thousand pictures. Have a look. 8-)

Re: [CLOSED] Temporarily Block All

Posted: Thu Nov 10, 2011 9:08 pm
by therube
There is no warning (from NoScript) one way or the other relating to dazsmith.com/simchamber.net.
(Unless you mean that once there, when you click the NoScript icon, it shows simchamber.net rather than google.com. But at that point, the URL bar does too.)
Onihikage wrote:webcomic ... was ... hacked, and malicious code injected into the site
So long as the injected code is hosted on a foreign domain (one that is not Allowed, & seemingly there would be no reason for it to be Allowed), then you are safe. If the injected code was also hosted on webcomic.com & if you Allowed webcomic, then it could do as it pleases.
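
The distinction drawn in the post above (injected code on a foreign domain versus on the allowed site itself), together with the "block all" mode requested at the top of the thread, as an added example that is not part of the thread and is not NoScript's code. It is a simplified model: the hostnames, the function names and the rule that an allow-list entry also covers its subdomains are assumptions made for illustration.

```javascript
// Simplified model of per-origin script allow-listing (illustration only,
// not NoScript's implementation).

// Assumption: an entry matches that exact host and any of its subdomains.
function hostAllowed(host, allowList) {
  const h = host.toLowerCase();
  return allowList.some((entry) => h === entry || h.endsWith('.' + entry));
}

// List every <script> on a page and decide whether it would run.
// A regex is enough for the constructed sample below; real pages need a parser.
function classifyScripts(pageUrl, html, allowList) {
  const pageHost = new URL(pageUrl).hostname;
  const results = [];
  const scriptTag = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = scriptTag.exec(html)) !== null) {
    const src = /\bsrc\s*=\s*["']?([^"'\s>]+)/i.exec(m[1]);
    // Inline code has no src: it runs with the permissions of the page itself.
    const host = src ? new URL(src[1], pageUrl).hostname : pageHost;
    results.push({
      source: src ? src[1] : '(inline)',
      host,
      runs: hostAllowed(host, allowList),
    });
  }
  return results;
}

// Constructed sample: a trusted page after a compromise (hypothetical hosts).
const PAGE_URL = 'http://webcomic.example/';
const SAMPLE_HTML = `
<script src="/js/comic-nav.js"></script>
<script src="http://cdn.injected.example/x.js"></script>
<script>document.title = "injected inline";</script>
`;

// Normal state: the comic's own host is allowed, nothing else is.
function normalMode() {
  return classifyScripts(PAGE_URL, SAMPLE_HTML, ['webcomic.example']);
}

// The requested "temporarily block all" state: same page, empty allow-list.
function blockAllMode() {
  return classifyScripts(PAGE_URL, SAMPLE_HTML, []);
}

for (const r of normalMode()) {
  console.log(`${r.runs ? 'RUNS   ' : 'BLOCKED'} ${r.host}  ${r.source}`);
}
```

In the normal state only the foreign-hosted script is blocked; the inline script runs because it inherits the allowed page's host, which is the case where a global block is the only thing that stops it.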

Re: [CLOSED] Temporarily Block All

Posted: Fri Nov 11, 2011 4:39 am
by Tom T.
therube wrote:There is no warning (from NoScript) one way or the other relating to dazsmith.com/simchamber.net.
In the default state of NS, the redirection fails. The user may not even know anything malicious was attempted, as they properly land on Google.

If a user at the demo page opens NS menu, they find the default-denied dazsmith.com script in the menu. That would be strange for an alleged link to Google.
Regardless, they still get to Google so long as they don't allow this unknown script source. But seeing it would prompt some questions in the mind of an aware user.

In the later versions (F7 & F8), there's the 301 redirect warning, as described here.