NoScript 2.0 beefs border patrol
'Saves your router's ass'
Regcast training : Hyper-V 3.0, VM high availability and disaster recovery
NoScript daddy Giorgio Maone has released version 2.0 of his popular Firefox add-on, a means of blocking JavaScript, Java, Flash, and other plug-in or script content from untrusted websites.
Maone is particularly pleased with a change to NoScript's Application Boundaries Enforcer (ABE) module, designed to guard against router attack. The new module protects against a new form of DNS rebinding attack that was able to bypass the old module.
"NoScript 2.0 is out, and among other things, saves your router's ass even if it's so flawed to expose its UI on the LAN with its WAN IP :P," Maone tweeted this week.
The module now detects your public WAN IP by sending an anonymous query on a secure channel and treats this IP as a local address when enforcing policies against cross-site request forgery (CSRF) and DNS Rebinding, common ways in which malicious sites hack into routers.
Version 2.0 also includes several bug fixes and the ability to better handle multiple permissions on the same page. NoScript blocks script and plug-in content on all sites you haven't whitelisted.
You can download NoScript 2.0 is available from Maone or from the Firefox add-ons site. Donations can be made here. ®
COMMENTS
NoScript and AdBlock...
...have become "must-haves" in today's browsing world. I am constantly amazed at how much excess junk is delivered when I use Android's onboard browser.
That being said, the DNS rebinding flaw can only be triggered when the router's password is compromised, or left as an easy-to-guess default. Even though using ABE is good, it should additionally warn the user to change the default password and / or user to prevent other flaws from hijacking / hacking the router, especially using the uPnP route (which will totally bypass NoScript).
Wife usability quotient
Your argument is a bit strange - you seem to be saying that, unless your wife can see whatever she wants on the internet, it is a failure, yet you seem to be okay with Flashblock, which makes so many sites unusable.
As with anything else, it requires a bit of time and patience to teach someone to use the security that is necessary these days. With NoScript, teach your wife to allow the content of routinely used sites (so, on here, click "Allow theregister.co.uk"), temporarily allow extra bits (comments often need something else enabled, but this doesn't need to be done every time), but never, ever, allow e.g. doubleclick, google analytics, etc. Simple.
saves your router's ass?
Misleading healdine, unless noscript can ensure my aviating Russian donkey gets a soft bum-landing?
AC, 'cos I'm not owning up to this.
IT infrastructure monitoring strategies
Agentless Backup is Not a Myth
Top 10 SIEM implementer’s checklist
Steps to Take Before Choosing a Business Continuity Partner
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
