  1. User picture
    • osfijwoei390WEFw23sf on Fri 06 Nov 2009
    • 02:39:26 AM UTC

    For the truly paranoid

    I've recently stumbled upon a Firefox extension called Request Policy: https://addons.mozilla.org/en-US/firefox/addon/972...

    By default, it blocks all cross site script, image, css, etc. requests. It allows you to whitelist cross site requests on a site by site basis. It is similar to NoScript, but whereas NoScript handles the blocking of scripts and plugins, Request Policy handles the blocking of all the other HTML content on a web page.

    It is a great extension for the truly paranoid. And yes, I have it installed and am using it right now. It is especially useful to protect against cross script request forgery (CSRF) attacks where a script from a hostile external domain can steal your cookie credentials.

    There is one bug I have encountered, but it is a minor one. You must have the status bar in Firefox enabled or the Request Policy menu can't be activated. But besides that, it's a solid program.
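
Added example (not part of the original post, and not Request Policy's own code): a minimal default-deny decision function for cross-site sub-resource requests with a per-site whitelist, as the post describes. The `siteOf` helper, the class name and all hostnames are assumptions made for illustration; treating the last two hostname labels as the "site" is a simplification that a real implementation would replace with the Public Suffix List.

```javascript
// Simplification (assumption): "site" = last two hostname labels.
// A real implementation needs the Public Suffix List (e.g. example.co.uk).
function siteOf(url) {
  const host = new URL(url).hostname.toLowerCase();
  return host.split('.').slice(-2).join('.');
}

class CrossSitePolicy {
  constructor() {
    this.allowed = new Map(); // origin site -> Set of destination sites
  }

  // Whitelist requests made by pages on originSite to destSite only.
  // The rule is per origin: it does not open destSite to other sites.
  allow(originSite, destSite) {
    if (!this.allowed.has(originSite)) this.allowed.set(originSite, new Set());
    this.allowed.get(originSite).add(destSite);
  }

  // Decide one sub-resource request (script, image, css, frame, ...).
  decide(pageUrl, requestUrl) {
    const from = siteOf(pageUrl);
    const to = siteOf(requestUrl);
    if (from === to) return { action: 'allow', reason: 'same-site' };
    const dests = this.allowed.get(from);
    if (dests && dests.has(to)) return { action: 'allow', reason: 'whitelisted' };
    return { action: 'block', reason: `cross-site ${from} -> ${to}` };
  }
}

// Constructed sample: requests issued while rendering one page.
function demo() {
  const policy = new CrossSitePolicy();
  policy.allow('news.example', 'cdn.example');
  const page = 'https://www.news.example/story';
  const requests = [
    'https://static.news.example/site.css', // same site
    'https://img.cdn.example/photo.jpg',    // whitelisted for news.example
    'https://tracker.invalid/pixel.gif',    // third party, not whitelisted
    'https://bank.example/account/action',  // would carry bank.example cookies
  ];
  return requests.map((r) => policy.decide(page, r).action);
}

console.log(demo());
```
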

Comments:

  1. User picture
    • g7w on Fri 06 Nov 2009
    • 02:58:23 AM UTC

    Interesting

    I'll try it out; I'm paranoid too... ;-)

    BTW, you should add that to the Wiki -> Tools -> FF Extension list.
    -------
    WOT Services Ltd. - gives us safety through Web of Trust.
    WOT Community - gives us security through unity.
    Thank you all
    - G7W

    • User picture
      • osfijwoei390WEFw23sf on Fri 06 Nov 2009
      • 03:21:07 AM UTC

      Added.

  2. User picture
    • jpvip on Fri 06 Nov 2009
    • 03:01:38 AM UTC

    lol

    I have used that before. It is kind of annoying, to be honest. That is only because I am an advanced computer user, and can be easily annoyed.

    ~DragonMaster Jay, malware researcher,
    Admin, helpmyos.com

  3. User picture
    • osfijwoei390WEFw23sf on Fri 06 Nov 2009
    • 06:51:47 AM UTC

    Firefox 3.5.5 has just been released. If you read the release notes, http://www.mozilla.com/en-US/firefox/3.5.5/release..., you will see that the major bug they fixed in this release is a hanging pointer vulnerability in their GIF rendering code. This could allow a remote execution of arbitrary code on your computer if a hacker crafted a malicious GIF image and got you to view it. This is a case where Request Policy could help minimize the risk of this attack working by blocking cross site requests for images that you do not explicitly allow.

  4. User picture
    • hotdoge3 on Fri 06 Nov 2009
    • 10:01:47 AM UTC

    This add-on is for older versions of Firefox, no good for me as Firefox 3.6 Beta 1.
    Version 0.5.8 Works with Firefox: 3.0 – 3.6b1pre
    Secure yourself from Cross-Site Request Forgery: NoScript does that, don't see need for this. If I got this right, let me know if not so?
    I have NoScript Adblock Plus with spyblock & MyWOT

    • User picture
      • osfijwoei390WEFw23sf on Fri 06 Nov 2009
      • 04:16:48 PM UTC

      NoScript doesn't block the same content as Request Policy. NoScript blocks the scripts and plugins from running, whereas Request Policy blocks the images, css, and other HTML content from third parties by default. It depends on your level of paranoia if you want to install it. NoScript protects against Cross Site Scripting (XSS) attacks, but it doesn't protect against Cross Site Request Forgery (CSRF) attacks which can be plain images or HTML designed to grab your cookies if a website has coding errors.

      For Firefox 3.6 B1, you could try disabling the extension compatibility check and see if that helps: http://kb.mozillazine.org/Updating_extensions#Comp...

  5. User picture
    • demonluo on Sat 07 Nov 2009
    • 12:34:06 AM UTC

    what if they hijack ur Request Policy too, hopefully not?

  6. User picture
    • phantazm on Sat 07 Nov 2009
    • 02:14:38 PM UTC

    I'll try it

    Paranoia can't be overdone.. ;-)

    • User picture
      • osfijwoei390WEFw23sf on Sun 08 Nov 2009
      • 05:53:52 AM UTC

      It can be. I'm on the verge of installing Linux onto a virtual machine in which to run Firefox with WOT, NoScript, Ad Block+, Request Policy, Controle de Scripts, as well as some other privacy plugins.......:-)

      Anyone ever tried running a virtual machine inside a virtual machine? ;-)

      • User picture
        • phantazm on Sun 08 Nov 2009
        • 02:49:27 PM UTC

        Any limits..?

        How about a virtual machine inside a virtual machine inside a virtual machine..?

        How convoluted can it get; is infinity the limit..?

      • User picture
        • BobJam (not verified) on Sun 08 Nov 2009
        • 01:26:42 PM UTC

        Yes

        I run Sandboxie on IE8 within a VM (running XP HE SP3) on a Linux (Ubuntu 9.10) host. It works just fine.

  7. User picture
    • Cheater87 on Mon 09 Nov 2009
    • 07:01:20 AM UTC

    This is pretty useful; it lets you know about redirects, but it takes a while to get the white list up.