Tech by PC

Noscript is one of my essential browser tools. What it does is intercept java, flash, and other script including executable content on a Firefox browser and keeps it from executing until the user specifically whitelists the site. It can be an inconvenience to someone who doesn’t understand the dangers that exist on the Internet, however it doesn’t save us from every danger out there.

It seems someone at ZD Net noticed it recently. It’s nice to know that Noscript protects from specific Zero Day attacks too.

If you use Firefox (and you should) then you should use Noscript to complete your safety net.

It is rare when the XSS detection triggers, but even for someone that browses as carefully as I do, it can. In fact there are some times when I am browsing through things that aren’t necessarily all on the up-and-up. I had a PC that I needed to hack into a couple weeks ago and my traditional tool is ophcrack over at SourceForge. They recently updated the tool and it no longer performs as it did – very disappointing. I downloaded a previous version and let it crack away on the target computer, however it couldn’t reveal any of the passwords. I did some searching for an alternative tool, and as you can guess that led me to some shady websites. With Noscript I didn’t worry at all.

The one thing that Noscript doesn’t save us from is a trusted site that we’ve whitelisted that was subsequently cracked. If the defacement includes posting compromised code, then it will execute just as if it were trusted.

This entry was posted on Thursday, September 11th, 2008 at 8:29 pm and is filed under Internet, Security, Software. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.