General discussion

Benutzerbild

For the truly paranoid

Fri Nov 6 02:39:26 2009 – osfijwoei390WEFw23sf

I've recently stumbled upon a Firefox extension called Request Policy: https://addons.mozilla.org/en-US/firefox/addon/972...

By default, it blocks all cross site script, image, css, etc. requests. It allows you to whitelist cross site requests on a site by site basis. It is similar to NoScript, but whereas NoScript handles the blocking of scripts and plugins, Request Policy handles the blocking of all the other HTML content on a web page.

It is a great extension for the truly paranoid. And yes, I have it installed and am using it right now. It is especially useful to protect against cross script request forgery (CSRF) attacks where a script from an hostile external domain can steal your cookie credentials.

There is one bug I have encounter, but it is a minor one. You must have the status bar in Firefox enabled or the Request Policy menu can't be activated. But besides that, it's a solid program.

Benutzerbild

Interesting

Fri Nov 6 02:58:23 2009 – g7w

I'll try it out; I'm paranoid too... ;-)

BTW, you should add that to the Wiki -> Tools -> FF Extension list.
-------
WOT Services Ltd. - gives us safety through Web of Trust.
WOT Community - gives us security through unity.
Thank you all
- G7W

Benutzerbild

Added.

Fri Nov 6 03:21:07 2009 – osfijwoei390WEFw23sf

Added.

Benutzerbild

lol

Fri Nov 6 03:01:38 2009 – jpvip

I have used that before. It is kind of annoying, to be honest. That is only because I am an advanced computer user, and can be easily annoyed.

~DragonMaster Jay, malware researcher,
Admin, helpmyos.com

Benutzerbild

Firefox 3.5.5 has just been

Fri Nov 6 06:51:47 2009 – osfijwoei390WEFw23sf

Firefox 3.5.5 has just been released. If you read the release notes, http://www.mozilla.com/en-US/firefox/3.5.5/release..., you will see that the major bug they fixed in this release is a hanging pointer vulnerability in their GIF rendering code. This could allow a remote execution of arbitrary code on your computer if a hacker crafted a malicious GIF image and got you to view it. This is a case of where Request Policy could help minimize the risk of this attack working by blocking cross site requests for images that you do not explicitly allow.

Benutzerbild

This add-on is for older

Fri Nov 6 10:01:47 2009 – hotdoge3

This add-on is for older versions of Firefox no good for me as Firefox 3.6 Beta 1
Version 0.5.8 Works with Firefox: 3.0 – 3.6b1pre
Secure yourself from Cross-Site Request Forgery No Script dose that don't see need for this if I got this right let me know if not so?
I have NoScript Adblock Plus with spyblock & MyWOT

Benutzerbild

NoScript doesn't block the

Fri Nov 6 16:16:48 2009 – osfijwoei390WEFw23sf

NoScript doesn't block the same content as Request Policy. NoScript blocks the scripts and plugins from running, whereas Request Policy blocks the images, css, and other HTML content from third parties by default. It depends on your level of paranoia if you want to install it. NoScript protects against Cross Site Scripting (XSS) attacks, but it doesn't protect against Cross Site Request Forgery (CSRF) attacks which can be plain images or HTML design to grab your cookies if a website has coding errors.

For Firefox 3.6 B1, you could try disabling the extension compatibility check and see if that helps: http://kb.mozillazine.org/Updating_extensions#Comp...

Benutzerbild

what if they hijack ur

Sat Nov 7 00:34:06 2009 – demonluo

what if they hijack ur Request Policy too, hopefully not?

Benutzerbild

How would they hijack

Sun Nov 8 05:49:41 2009 – osfijwoei390WEFw23sf

How would they hijack Request Policy?

Benutzerbild

I'll try it

Sat Nov 7 14:14:38 2009 – phantazm

Paranoia can't be overdone.. ;-)

Benutzerbild

It can be. I'm on the verge

Sun Nov 8 05:53:52 2009 – osfijwoei390WEFw23sf

It can be. I'm on the verge of installing Linux onto a virtual machine in which to run FireFox with WOT, NoScript, Ad Block+, Request Policy, Controle de Scripts, as well as some other privacy plugins.......:-)

Anyone ever tried running a virtual machine inside a virtual machine? ;-)

Benutzerbild

Any limits..?

Sun Nov 8 14:49:27 2009 – phantazm

How about a virtual machine inside a virtual machine inside a virtual machine..?

How convoluted can it get; is infinity the limit..?

Benutzerbild

Yes

Sun Nov 8 13:26:42 2009 – BobJam

I run sandboxie on IE8 within a VM (running XP HE SP3) on a Linux (Ubuntu 9.10) host. It works just fine.

Benutzerbild

This is pretty useful lets

Mon Nov 9 07:01:20 2009 – Cheater87

This is pretty useful lets you know about redirects but takes a while to get the white list up.

© WOT Services Patent angemeldet