General discussion
For the truly paranoid
pią 06 lis 2009 02:39:26 UTC — osfijwoei390WEFw23sfI've recently stumbled upon a Firefox extension called Request Policy: https://addons.mozilla.org/en-US/firefox/addon/972...
By default, it blocks all cross site script, image, css, etc. requests. It allows you to whitelist cross site requests on a site by site basis. It is similar to NoScript, but whereas NoScript handles the blocking of scripts and plugins, Request Policy handles the blocking of all the other HTML content on a web page.
It is a great extension for the truly paranoid. And yes, I have it installed and am using it right now. It is especially useful to protect against cross script request forgery (CSRF) attacks where a script from an hostile external domain can steal your cookie credentials.
There is one bug I have encounter, but it is a minor one. You must have the status bar in Firefox enabled or the Request Policy menu can't be activated. But besides that, it's a solid program.
- Zaloguj się lub zarejestruj by odpowiadać
Interesting
pią 06 lis 2009 02:58:23 UTC — g7wI'll try it out; I'm paranoid too... ;-)
BTW, you should add that to the Wiki -> Tools -> FF Extension list.
-------
WOT Services Ltd. - gives us safety through Web of Trust.
WOT Community - gives us security through unity.
Thank you all
- G7W
Added.
pią 06 lis 2009 03:21:07 UTC — osfijwoei390WEFw23sfAdded.
lol
pią 06 lis 2009 03:01:38 UTC — jpvipI have used that before. It is kind of annoying, to be honest. That is only because I am an advanced computer user, and can be easily annoyed.
~DragonMaster Jay, malware researcher,
Admin, helpmyos.com
Firefox 3.5.5 has just been
pią 06 lis 2009 06:51:47 UTC — osfijwoei390WEFw23sfFirefox 3.5.5 has just been released. If you read the release notes, http://www.mozilla.com/en-US/firefox/3.5.5/release..., you will see that the major bug they fixed in this release is a hanging pointer vulnerability in their GIF rendering code. This could allow a remote execution of arbitrary code on your computer if a hacker crafted a malicious GIF image and got you to view it. This is a case of where Request Policy could help minimize the risk of this attack working by blocking cross site requests for images that you do not explicitly allow.
This add-on is for older
pią 06 lis 2009 10:01:47 UTC — hotdoge3This add-on is for older versions of Firefox no good for me as Firefox 3.6 Beta 1
Version 0.5.8 Works with Firefox: 3.0 – 3.6b1pre
Secure yourself from Cross-Site Request Forgery No Script dose that don't see need for this if I got this right let me know if not so?
I have NoScript Adblock Plus with spyblock & MyWOT
NoScript doesn't block the
pią 06 lis 2009 16:16:48 UTC — osfijwoei390WEFw23sfNoScript doesn't block the same content as Request Policy. NoScript blocks the scripts and plugins from running, whereas Request Policy blocks the images, css, and other HTML content from third parties by default. It depends on your level of paranoia if you want to install it. NoScript protects against Cross Site Scripting (XSS) attacks, but it doesn't protect against Cross Site Request Forgery (CSRF) attacks which can be plain images or HTML design to grab your cookies if a website has coding errors.
For Firefox 3.6 B1, you could try disabling the extension compatibility check and see if that helps: http://kb.mozillazine.org/Updating_extensions#Comp...
what if they hijack ur
sob 07 lis 2009 00:34:06 UTC — demonluowhat if they hijack ur Request Policy too, hopefully not?
How would they hijack
nie 08 lis 2009 05:49:41 UTC — osfijwoei390WEFw23sfHow would they hijack Request Policy?
I'll try it
sob 07 lis 2009 14:14:38 UTC — phantazmParanoia can't be overdone.. ;-)
It can be. I'm on the verge
nie 08 lis 2009 05:53:52 UTC — osfijwoei390WEFw23sfIt can be. I'm on the verge of installing Linux onto a virtual machine in which to run FireFox with WOT, NoScript, Ad Block+, Request Policy, Controle de Scripts, as well as some other privacy plugins.......:-)
Anyone ever tried running a virtual machine inside a virtual machine? ;-)
Any limits..?
nie 08 lis 2009 14:49:27 UTC — phantazmHow about a virtual machine inside a virtual machine inside a virtual machine..?
How convoluted can it get; is infinity the limit..?
Yes
nie 08 lis 2009 13:26:42 UTC — BobJamI run sandboxie on IE8 within a VM (running XP HE SP3) on a Linux (Ubuntu 9.10) host. It works just fine.
This is pretty useful lets
pon 09 lis 2009 07:01:20 UTC — Cheater87This is pretty useful lets you know about redirects but takes a while to get the white list up.