What is most paranoid/secure settings for Blitzableiter?

Ask for help about NoScript, no registration needed to post
Post Reply
InfoSec

What is most paranoid/secure settings for Blitzableiter?

Post by InfoSec »

How to properly configure External filters and Blitzableiter for maximum security benefits?
Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0
Top
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: What is most paranoid/secure settings for Blitzableiter?

Post by Tom T. »

InfoSec wrote:How to properly configure External filters and Blitzableiter for maximum security benefits?
Presumably, remove the default exceptions on the NoScript > Advanced > External Filters tab.

I don't use Blitz myself. A quick look at their site:
Blitzableiter itself is entirely managed code for the .NET runtime environment.
*Personal opinion*: I thought .NET was garbage, bloat, and a security risk when it first came out, never installed it, removed it from a new machine that came with it, and have never missed it. You might be safer uninstalling both the filter and .NET. (Check the many MS Security Updates for .NET.)

IMHO, and YMMV, but Mark Russinovich was a noted independent, security-minded developer who now is affiliated with Microsoft, so you might find his not-at-all-humble opinion interesting.

Cheers.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.28) Gecko/20120306 Firefox/3.6.28
Top
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: What is most paranoid/secure settings for Blitzableiter?

Post by Tom T. »

A few days later, Microsoft makes me a prophet:

Code: Select all

http://technet.microsoft.com/en-us/security/bulletin/ms12-025
http://technet.microsoft.com/en-us/secu ... n/ms12-025
This security update resolves one privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). .... In a web browsing attack scenario, an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability.

This security update is rated Critical for Microsoft .NET Framework 1.0 Service Pack 3, Microsoft .NET Framework 1.1 Service Pack 1, Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.5.1, and Microsoft .NET Framework 4 on all supported editions of Microsoft Windows.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.28) Gecko/20120306 Firefox/3.6.28
Top
Post Reply

Return to “NoScript Support”