General discussion

Käyttäjän kuva

For the truly paranoid

pe 6. marraskuuta 2009 02:39:26 — osfijwoei390WEFw23sf

I've recently stumbled upon a Firefox extension called Request Policy: https://addons.mozilla.org/en-US/firefox/addon/972...

By default, it blocks all cross site script, image, css, etc. requests. It allows you to whitelist cross site requests on a site by site basis. It is similar to NoScript, but whereas NoScript handles the blocking of scripts and plugins, Request Policy handles the blocking of all the other HTML content on a web page.

It is a great extension for the truly paranoid. And yes, I have it installed and am using it right now. It is especially useful to protect against cross script request forgery (CSRF) attacks where a script from an hostile external domain can steal your cookie credentials.

There is one bug I have encounter, but it is a minor one. You must have the status bar in Firefox enabled or the Request Policy menu can't be activated. But besides that, it's a solid program.

Käyttäjän kuva

Interesting

pe 6. marraskuuta 2009 02:58:23 — g7w

I'll try it out; I'm paranoid too... ;-)

BTW, you should add that to the Wiki -> Tools -> FF Extension list.
-------
WOT Services Ltd. - gives us safety through Web of Trust.
WOT Community - gives us security through unity.
Thank you all
- G7W

Käyttäjän kuva

Added.

pe 6. marraskuuta 2009 03:21:07 — osfijwoei390WEFw23sf

Added.

Käyttäjän kuva

lol

pe 6. marraskuuta 2009 03:01:38 — jpvip

I have used that before. It is kind of annoying, to be honest. That is only because I am an advanced computer user, and can be easily annoyed.

~DragonMaster Jay, malware researcher,
Admin, helpmyos.com

Käyttäjän kuva

Firefox 3.5.5 has just been

pe 6. marraskuuta 2009 06:51:47 — osfijwoei390WEFw23sf

Firefox 3.5.5 has just been released. If you read the release notes, http://www.mozilla.com/en-US/firefox/3.5.5/release..., you will see that the major bug they fixed in this release is a hanging pointer vulnerability in their GIF rendering code. This could allow a remote execution of arbitrary code on your computer if a hacker crafted a malicious GIF image and got you to view it. This is a case of where Request Policy could help minimize the risk of this attack working by blocking cross site requests for images that you do not explicitly allow.

Käyttäjän kuva

This add-on is for older

pe 6. marraskuuta 2009 10:01:47 — hotdoge3

This add-on is for older versions of Firefox no good for me as Firefox 3.6 Beta 1
Version 0.5.8 Works with Firefox: 3.0 – 3.6b1pre
Secure yourself from Cross-Site Request Forgery No Script dose that don't see need for this if I got this right let me know if not so?
I have NoScript Adblock Plus with spyblock & MyWOT

Käyttäjän kuva

NoScript doesn't block the

pe 6. marraskuuta 2009 16:16:48 — osfijwoei390WEFw23sf

NoScript doesn't block the same content as Request Policy. NoScript blocks the scripts and plugins from running, whereas Request Policy blocks the images, css, and other HTML content from third parties by default. It depends on your level of paranoia if you want to install it. NoScript protects against Cross Site Scripting (XSS) attacks, but it doesn't protect against Cross Site Request Forgery (CSRF) attacks which can be plain images or HTML design to grab your cookies if a website has coding errors.

For Firefox 3.6 B1, you could try disabling the extension compatibility check and see if that helps: http://kb.mozillazine.org/Updating_extensions#Comp...

Käyttäjän kuva

what if they hijack ur

la 7. marraskuuta 2009 00:34:06 — demonluo

what if they hijack ur Request Policy too, hopefully not?

Käyttäjän kuva

How would they hijack

su 8. marraskuuta 2009 05:49:41 — osfijwoei390WEFw23sf

How would they hijack Request Policy?

Käyttäjän kuva

I'll try it

la 7. marraskuuta 2009 14:14:38 — phantazm

Paranoia can't be overdone.. ;-)

Käyttäjän kuva

It can be. I'm on the verge

su 8. marraskuuta 2009 05:53:52 — osfijwoei390WEFw23sf

It can be. I'm on the verge of installing Linux onto a virtual machine in which to run FireFox with WOT, NoScript, Ad Block+, Request Policy, Controle de Scripts, as well as some other privacy plugins.......:-)

Anyone ever tried running a virtual machine inside a virtual machine? ;-)

Käyttäjän kuva

Any limits..?

su 8. marraskuuta 2009 14:49:27 — phantazm

How about a virtual machine inside a virtual machine inside a virtual machine..?

How convoluted can it get; is infinity the limit..?

Käyttäjän kuva

Yes

su 8. marraskuuta 2009 13:26:42 — BobJam

I run sandboxie on IE8 within a VM (running XP HE SP3) on a Linux (Ubuntu 9.10) host. It works just fine.

Käyttäjän kuva

This is pretty useful lets

ma 9. marraskuuta 2009 07:01:20 — Cheater87

This is pretty useful lets you know about redirects but takes a while to get the white list up.

© WOT Services Patentti vireillä