Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
Trust the World's Fastest VPN with Your Internet Security & Freedom - A Lifetime Subscription of PureVPN at 88% off. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×

Comment Allow only HTTPS active content (Score 1) 166

NoScript Options>Advanced>HTTPS> Forbid Active Content unless it comes from a secure (HTTPS) connection .

Painful, yes, but it should take care of this kind of attacks, as long as you can trust HTTPS (e.g. with Convergence).

Furthermore, NoScript 2.6.8.37rc2 introduce an experimental "Allow HTTPS scripts globally on HTTPS documents" mode (in Advanced>HTTPS>Permissions) if you value convenience over finer grained security.

Comment Re:why? (Score 4, Informative) 778

Are there still security issues with having JS enabled?

Fresh from the summary of the upcoming BlackHat talk by Jeremiah Grossman, A Million Browser Botnet:

With a few lines of HTML5 and javascript code we’ll demonstrate just how you can easily commandeer browsers to perform DDoS attacks, participate in email spam campaigns, crack hashes and even help brute-force passwords. [...] no zero-days or malware is required. Oh, and there is no patch. The Web is supposed to work this way.

Comment Re:Agreed (Score 4, Informative) 778

There is ZERO chance I'm going to use a browser which doesn't allow me to default JS to being disabled. NoScript is also FAR advanced beyond other similar tools, so it would REALLY SUCK to have to use Chromium's lame equivalent, but I will if it is the only choice. At least in other respects Chromium is pretty good.

In what ways is NoScript more advanced than ScriptSafe?

Besides some "minor" features first introduced by NoScript, which advanced the state of the art of browser security (such as the most effective in-browser XSS filter, the ClearClick anti-Clickjacking technology and the Application Boundaries Enforcer module), NoScript holds a modest advantage over all its Chrome-based "clones": basic script blocking which actually works ;)

Comment Not that simple (Re:Online Advertising Response) (Score 5, Informative) 369

The patch is not exactly a one-liner, because the implemented behavior is not as straight-forward as just "block 3rd party cookies".

It's "block cross-site cookies from origins which I've not visited yet as a 1st party websites and have already 1st party cookies from".

This means, for instance, that Facebook, Google and Twitter gets likely a free-pass to track almost anybody.

And that once you (accidentally or not) click any ad box, you give a free-pass to its advertising agency too.

Privacy

Submission + - Stallman on Unity: Canonical will have to hand over users' data to governments (benjaminkerensa.com)

Giorgio Maone writes: "Ubuntu developer and fellow mozillian Benjamin Kerensa chatted with various people about the new Amazon Product Results in the Ubuntu 12.10 Unity Dash. Among them, Richard Stallman told him that this feature is bad because: 1. "If Canonical gets this data, it will be forced to hand it over to various governments."; 2. Amazon is bad. Concerned people can disable remote data retrieval for any lens and scopes or, more surgically, use sudo apt-get remove unity-lens-shopping."

Comment Re:Inflated Chrome stats because of page prerender (Score 2) 212

I doubt they measure number of pages when measuring market share here.

Wrong, that's exactly what they do: Why do you base your stats on page views rather than unique visitors?

And yes, they're aware of the prerendering Chrome stats inflation problem, even though they believe it doesn't significantly skew their stats, for some reason they're unable to explain themselves (sounds like "faith" or "we're too lazy to adjust our data even though we could").

Slashdot Top Deals

Things equal to nothing else are equal to each other.

Working...