General discussion
For the truly paranoid
Fri Nov 6 02:39:26 2009 — osfijwoei390WEFw23sfI've recently stumbled upon a Firefox extension called Request Policy: https://addons.mozilla.org/en-US/firefox/addon/972...
By default, it blocks all cross site script, image, css, etc. requests. It allows you to whitelist cross site requests on a site by site basis. It is similar to NoScript, but whereas NoScript handles the blocking of scripts and plugins, Request Policy handles the blocking of all the other HTML content on a web page.
It is a great extension for the truly paranoid. And yes, I have it installed and am using it right now. It is especially useful to protect against cross script request forgery (CSRF) attacks where a script from an hostile external domain can steal your cookie credentials.
There is one bug I have encounter, but it is a minor one. You must have the status bar in Firefox enabled or the Request Policy menu can't be activated. But besides that, it's a solid program.
Interesting
Fri Nov 6 02:58:23 2009 — g7wI'll try it out; I'm paranoid too... ;-)
BTW, you should add that to the Wiki -> Tools -> FF Extension list.
-------
WOT Services Ltd. - gives us safety through Web of Trust.
WOT Community - gives us security through unity.
Thank you all
- G7W
Added.
Fri Nov 6 03:21:07 2009 — osfijwoei390WEFw23sfAdded.
lol
Fri Nov 6 03:01:38 2009 — jpvipI have used that before. It is kind of annoying, to be honest. That is only because I am an advanced computer user, and can be easily annoyed.
~DragonMaster Jay, malware researcher,
Admin, helpmyos.com
Firefox 3.5.5 has just been
Fri Nov 6 06:51:47 2009 — osfijwoei390WEFw23sfFirefox 3.5.5 has just been released. If you read the release notes, http://www.mozilla.com/en-US/firefox/3.5.5/release..., you will see that the major bug they fixed in this release is a hanging pointer vulnerability in their GIF rendering code. This could allow a remote execution of arbitrary code on your computer if a hacker crafted a malicious GIF image and got you to view it. This is a case of where Request Policy could help minimize the risk of this attack working by blocking cross site requests for images that you do not explicitly allow.
This add-on is for older
Fri Nov 6 10:01:47 2009 — hotdoge3This add-on is for older versions of Firefox no good for me as Firefox 3.6 Beta 1
Version 0.5.8 Works with Firefox: 3.0 – 3.6b1pre
Secure yourself from Cross-Site Request Forgery No Script dose that don't see need for this if I got this right let me know if not so?
I have NoScript Adblock Plus with spyblock & MyWOT
NoScript doesn't block the
Fri Nov 6 16:16:48 2009 — osfijwoei390WEFw23sfNoScript doesn't block the same content as Request Policy. NoScript blocks the scripts and plugins from running, whereas Request Policy blocks the images, css, and other HTML content from third parties by default. It depends on your level of paranoia if you want to install it. NoScript protects against Cross Site Scripting (XSS) attacks, but it doesn't protect against Cross Site Request Forgery (CSRF) attacks which can be plain images or HTML design to grab your cookies if a website has coding errors.
For Firefox 3.6 B1, you could try disabling the extension compatibility check and see if that helps: http://kb.mozillazine.org/Updating_extensions#Comp...
what if they hijack ur
Sat Nov 7 00:34:06 2009 — demonluowhat if they hijack ur Request Policy too, hopefully not?
How would they hijack
Sun Nov 8 05:49:41 2009 — osfijwoei390WEFw23sfHow would they hijack Request Policy?
I'll try it
Sat Nov 7 14:14:38 2009 — phantazmParanoia can't be overdone.. ;-)
It can be. I'm on the verge
Sun Nov 8 05:53:52 2009 — osfijwoei390WEFw23sfIt can be. I'm on the verge of installing Linux onto a virtual machine in which to run FireFox with WOT, NoScript, Ad Block+, Request Policy, Controle de Scripts, as well as some other privacy plugins.......:-)
Anyone ever tried running a virtual machine inside a virtual machine? ;-)
Any limits..?
Sun Nov 8 14:49:27 2009 — phantazmHow about a virtual machine inside a virtual machine inside a virtual machine..?
How convoluted can it get; is infinity the limit..?
Yes
Sun Nov 8 13:26:42 2009 — BobJamI run sandboxie on IE8 within a VM (running XP HE SP3) on a Linux (Ubuntu 9.10) host. It works just fine.
This is pretty useful lets
Mon Nov 9 07:01:20 2009 — Cheater87This is pretty useful lets you know about redirects but takes a while to get the white list up.