InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

What is most paranoid/secure settings for Blitzableiter?

https://forums.informaction.com/viewtopic.php?t=8455

Page 1 of 1

What is most paranoid/secure settings for Blitzableiter?

Posted: Fri Apr 06, 2012 6:15 pm
by InfoSec
How to properly configure External filters and Blitzableiter for maximum security benefits?

Re: What is most paranoid/secure settings for Blitzableiter?

Posted: Sat Apr 07, 2012 9:57 am
by Tom T.
InfoSec wrote:How to properly configure External filters and Blitzableiter for maximum security benefits?
Presumably, remove the default exceptions on the NoScript > Advanced > External Filters tab.

I don't use Blitz myself. A quick look at their site:
Blitzableiter itself is entirely managed code for the .NET runtime environment.
*Personal opinion*: I thought .NET was garbage, bloat, and a security risk when it first came out, never installed it, removed it from a new machine that came with it, and have never missed it. You might be safer uninstalling both the filter and .NET. (Check the many MS Security Updates for .NET.)

IMHO, and YMMV, but Mark Russinovich was a noted independent, security-minded developer who now is affiliated with Microsoft, so you might find his not-at-all-humble opinion interesting.

Cheers.

Re: What is most paranoid/secure settings for Blitzableiter?

Posted: Wed Apr 11, 2012 12:02 am
by Tom T.
A few days later, Microsoft makes me a prophet:

Code: Select all

http://technet.microsoft.com/en-us/security/bulletin/ms12-025
http://technet.microsoft.com/en-us/secu ... n/ms12-025
This security update resolves one privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). .... In a web browsing attack scenario, an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability.

This security update is rated Critical for Microsoft .NET Framework 1.0 Service Pack 3, Microsoft .NET Framework 1.1 Service Pack 1, Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.5.1, and Microsoft .NET Framework 4 on all supported editions of Microsoft Windows.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited