[opensuse] REPOST: Most interesting...and possibly disturbing about Flash (and Firefox)?
Seeing as how a message I posted on 22 November has had no responses I thought I would post it again to see if this time there may be someone who could comment on its contents.

I've been using Firefox for some years. In recent years, when they became available, I've been using a variety of Extensions as 'security measures' - for example NoScript, AdBlock, etc.

Recently there was a question raised by (?)..... concerning Adobe's Flash - and a, brief, discussion on the security problem posed by Flash ensued; this flowed on to the general question of how secure Linux/Linux distros was/were when it was mentioned that permissions could be altered by applications even within a normal user's home directory. However, this matter was not really properly answered, and not pursued further.

Just a few minutes ago I was using Firefox and went to one (of many such sites) for which I have NoScript disallow javascript but, after deliberately allowing javascript for the site and its associated sites (eg, YouTube also wants you to allow javascript for ytimg.com), I can carry on and view any video-related material.

OK, with YouTube, as one example, after I get to the point of clicking on the ">" to play the video, I usually also get another request from NoScript to allow "something" to be able to continue to view the video. In the past I automatically, and in an irritated state, clicked, "YES", to simply get on and view the video. But just now I had a closer look at what I had previously been simply accepting without paying any attention to it.

What the last "warning" which NoScript was asking me to allow was, "Allow about:blank" - which I was always in the past auto. accepted.

I know what "about:plugins" and "about:config" show when I type these in the URL window in Firefox. But "about:blank"?

This time I typed in "about:blank" in the URL windows.....and got, "Search Bookmarks and History".

Now, as everyone who knows me, I am not a paranoid person ("In a pig's bum I'm not!") so what is this all about?

BC

--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse+help@opensuse.org
> What the last "warning" which NoScript was asking me to allow was, "Allow about:blank" - which I was always in the past auto. accepted.
>
> I know what "about:plugins" and "about:config" show when I type these in the URL window in Firefox. But "about:blank"?
>
> This time I typed in "about:blank" in the URL windows.....and got, "Search Bookmarks and History".
>
> Now, as everyone who knows me, I am not a paranoid person ("In a pig's bum I'm not!") so what is this all about?

Why it's loading about:blank, I can't say, but about:blank is pretty innocuous I would think. The Search Bookmarks and History thing (in light grey text) is just Firefox telling you that the Location bar has multiple duties now... you start typing there and it starts guessing what you're typing by your page history and bookmarks. It's a feature I use all the time.

I could be completely wrong here, but I don't think it's anything nefarious. I think you're being paranoid.

That still doesn't answer why that blank page is being called....

C.
On 09/12/09 19:05, Clayton wrote:
>> What the last "warning" which NoScript was asking me to allow was, "Allow about:blank" - which I was always in the past auto. accepted.
>>
>> I know what "about:plugins" and "about:config" show when I type these in the URL window in Firefox. But "about:blank"?
>>
>> This time I typed in "about:blank" in the URL windows.....and got, "Search Bookmarks and History".
>>
>> Now, as everyone who knows me, I am not a paranoid person ("In a pig's bum I'm not!") so what is this all about?
>
> Why it's loading about:blank, I can't say, but about:blank is pretty innocuous I would think. The Search Bookmarks and History thing (in light grey text) is just Firefox telling you that the Location bar has multiple duties now... you start typing there and it starts guessing what you're typing by your page history and bookmarks. It's a feature I use all the time.
>
> I could be completely wrong here, but I don't think it's anything nefarious. I think you're being paranoid.
>
> That still doesn't answer why that blank page is being called....
>
> C.

Well, I am now really not sure that it is all that innocuous.

I came across this when I went looking for "about:blank":

The term "about:blank" is also the generic name for a group of variants of the CoolWebSearch <http://en.wikipedia.org/wiki/CoolWebSearch> malware <http://en.wikipedia.org/wiki/Malware> program group.

but apparently may also be used for advertisements.

It is also interesting to see how many of the sites I usually visit have "about:blank" which NoScript disallows.

BC

--
The best defence against logic is ignorance.
On 09/12/09 23:39, Basil Chupin wrote:
> I came across this when I went looking for "about:blank":
>
> The term "about:blank" is also the generic name for a group of variants of the CoolWebSearch <http://en.wikipedia.org/wiki/CoolWebSearch> malware <http://en.wikipedia.org/wiki/Malware> program group.
>
> but apparently may also be used for advertisements.
>
> It is also interesting to see how many of the sites I usually visit have "about:blank" which NoScript disallows.

about:blank is a web browser's way of displaying a blank, empty page. For example if you open a new tab, the page that is displayed is about:blank. If you go to the preferences, there is an option to set your home page to a blank page (about:blank). Blank really means blank, no scripts, no html, nothing. So in that sense it's perfectly safe. The location bar in Firefox is just displaying its default text instead of the URL so that new users know what it's for.

The about: namespace in general is used for displaying local browser-specific information, like the about:config and about:plugins you already know. See http://en.wikipedia.org/wiki/About:_URI_scheme

about:blank in Internet Explorer can be hijacked by certain Windows malware (so that it no longer displays a blank page, but ads, and since about:blank is used everywhere you see a lot of ads) but that does not mean the url about:blank itself is malicious, especially on Linux.

So I don't think there is any need to be paranoid, I think NoScript is just offering you an option to block webpages using blank pages. I have seen some bad websites open lots of blank windows in an effort to confuse the user; maybe that's what NoScript is trying to stop.

Try these in Firefox 3.0+, all harmless:

about:robots
about:mozilla
about:credits

Regards,
Tejas
On 10/12/09 21:10, Tejas Guruswamy wrote:
> On 09/12/09 23:39, Basil Chupin wrote:
>> I came across this when I went looking for "about:blank":
>>
>> The term "about:blank" is also the generic name for a group of variants of the CoolWebSearch <http://en.wikipedia.org/wiki/CoolWebSearch> malware <http://en.wikipedia.org/wiki/Malware> program group.
>>
>> but apparently may also be used for advertisements.

[pruned]

> about:blank in Internet Explorer can be hijacked by certain Windows malware (so that it no longer displays a blank page, but ads, and since about:blank is used everywhere you see a lot of ads) but that does not mean the url about:blank itself is malicious, especially on Linux.

OK, thanks muchly. I accept the part about Linux and about:blank. I now feel less paranoid re it in oS.

But I do not accept the generalisation that "about:blank itself is not malicious": if something like this can be hijacked and can be used for malware then it *is* malicious - and its use should be either removed or have protection in place to prevent it from being hijacked.

BC

--
If you don't succeed you run the risk of failure.
Basil Chupin wrote:
> ... But I do not accept the generalisation that "about:blank itself is not malicious": if something like this can be hijacked and can be used for malware then it *is* malicious - and its use should be either removed or have protection in place to prevent it from being hijacked.

Why, then, Basil, Firefox is malicious; konqueror is malicious; ssh is malicious; ...

Don't you read the frequent security alerts on this list?

John Perry
On 11/12/09 21:38, John E. Perry wrote:
> Basil Chupin wrote:
>> ... But I do not accept the generalisation that "about:blank itself is not malicious": if something like this can be hijacked and can be used for malware then it *is* malicious - and its use should be either removed or have protection in place to prevent it from being hijacked.
>
> Why, then, Basil, Firefox is malicious; konqueror is malicious; ssh is malicious; ...
>
> Don't you read the frequent security alerts on this list?
>
> John Perry

Ummm, would you be kind enough to give me the reference to the last security alert on this list, please?

If it was way back sometime in the last decade then I humbly admit that I did miss that one..... :-)

BC

--
If you don't succeed you run the risk of failure.
Sorry, Basil, I had too many old messages in my inbox, and skipped over this one without noticing how old it was getting.

Basil Chupin wrote:
> ...
>> Why, then, Basil, Firefox is malicious; konqueror is malicious; ssh is malicious; ...
>>
>> Don't you read the frequent security alerts on this list?
>>
>> John Perry
>
> Ummm, would you be kind enough to give me the reference to the last security alert on this list, please?

Sorry, you're right. The last security announcement I had at that time (12/11) was from 12/02, and it comes from the security-announce list, not the opensuse-en list. So you're right -- someone who is not enough interested in his system's security to subscribe to the security lists will not see them.

And there had been an unusually long interval at that time; looking further back, it is indeed two or three a week, usually.

John Perry
participants (4)
- Basil Chupin
- Clayton
- John E. Perry
- Tejas Guruswamy