On 09/07/15 10:13, Linda Walsh wrote:
Basil Chupin wrote:
Mozilla’s script blocker add-on could be putting malware sites on the whitelist.
Security researchers have discovered a major flaw with Mozilla’s popular NoScript security add-on. NoScript is supposed to create an environment where JavaScript, Java, and other executable content can only run in scripts that come from a trusted domain.
It isn’t clear whether attackers are already using this technique. The discovery challenges the prestige of the Mozilla NoScript plugin, which bills itself as “The best security you can get in a web browser!”
--- NoScript is good, but really needs to integrate the functionality of "RequestPolicy"
Reason: a white list alone isn't enough. You need context. For example, I may want to list google's api's as a white-listed component -- but that still means they can be called from a black-listed site.
[pruned] The intricacies of your response flow over my head, I am afraid :-) . I posted the above because I thought that it may be of interest to many people. Having written the above, have you tried _LIghtbeam_ which shows which other sites your current site is linking you to? (I know, I know, it's bad English grammar to end sentence with a proposition but what the heck, eh? :-) ). BC -- Using openSUSE 13.2, KDE 4.14.6 & kernel 4.1.1-2 on a system with- AMD FX 8-core 3.6/4.2GHz processor 16GB PC14900/1866MHz Quad Channel RAM Gigabyte AMD3+ m/board; Gigabyte nVidia GTX660 GPU -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org