Author Topic: Why we have NoScript installed by default in FF or Flock Sulfur!  (Read 2550 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33868
  • malware fighter
Hi malware fighters,

Without running malicious code people can collect loads of information you would not like to give out when you were aware through some renaissance script. Want to see what they may know about your browser in that case: http://ha.ckers.org/mr-t/ with javascript enabled. Got the message this time?
PS the link given is clean, checked against http://online.drweb.com/?url=1

polonus

P.S.
For those to analyse the code: http://ha.ckers.org/mr-t/mr-t.cgi
If LocalRodeo is detected, this is not built inside FF or Flock, but it is misinterpreted for
when FW settings outbound connections to localhost: DENY), LocalRodeo will be incorrectly detected.
Inspiration for it may be found here: http://jeremiahgrossman.blogspot.com/2006/08/i-know-where-youve-been.html
Ironically LocalRodeo ( http://databasement.net/labs/localrodeo/ ) was a predecessor tool for NoScript, but all it did is incorporated by NoScript now.

Damian
« Last Edit: June 01, 2007, 09:00:25 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Zagor

  • Guest
Re: Why we have NoScript installed by default in FF or Flock Sulfur!
« Reply #1 on: June 03, 2007, 03:54:12 AM »
NoScript for Firefox here, up and running!
« Last Edit: June 03, 2007, 04:35:02 AM by Zagor »

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33868
  • malware fighter
Re: Why we have NoScript installed by default in FF or Flock Sulfur!
« Reply #2 on: June 05, 2007, 09:56:33 PM »
Hi Zagor,

Michal Zalewski discovered just a couple of Firefox and IE browser vulnerabilities that still are not patched.
http://seclists.org/fulldisclosure/2007/Jun/0026.html
Good news here with NoScript installed none of them threaten you.
Firefox with NoScript installed is the safest browser around.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Zagor

  • Guest
Re: Why we have NoScript installed by default in FF or Flock Sulfur!
« Reply #3 on: June 06, 2007, 12:18:52 AM »
Hi Polonus,

Thank you for this constant information supply, it's always usefull! Yes, I do prefer NoScript, not only for it's security benefits but since I'm testing sites that I build, it's quite handy turning JavaScript on and off in one click.