-
RequestPolicy Firefox Plugin – the ultimate NoScript
I recently found out about the following Firefox plugin/addon: RequestPolicy (via this blogpost) – see also the Firefox addon page. Its function is to whitelist all kinds of cross-domain requests, including scripts, style-sheets, images, objects (Flash, Java, Silverlight), etc. Anything in a webpage hosted on the domain A can reference other content from domain A,…
-
The fox in the henhouse?
Some time back I ranted about ParetoLogic, which used to be known as the maker of a rogue security product (XoftSpy). Today I can rant once again about them: They’ve published a blogpost insinuating that Firefox 3.5 has a remote code execution vulnerability. I’ve tried to inquire if they notified Mozilla about the issue,…
-
Using a single file to serve up multiple web resources
While trying to set up my GHDB mirror, my first thought was to use googlepages. I quickly found the bulk upload to googlepages how to by X de Xavier, which is a very cool tool (and also an interesting way to hack your “chrome”), but unfortunately I found that Google Pages has a limit of…
-
Effective self-censorship
No, I won’t be talking about China or Australia here. I would like to talk about my experience of downloading a Firefox theme. The given theme was marked as experimental, and thus – to download it – I had to create a user account on the site. The F.A.Q. explains it as follows: Why do I…
-
Firefox 2 end-of-life
Via Slashdot came the news that version 1.8 of the Gecko engine used to render HTML in Firefox 2, Thunderbird 2, etc. was being end of lifed. Now I still have a few computers which I’m responsible for that have FF2 on them, just because that’s what the users were accustomed to. So I searched…
-
Two quick tips
Via the .:Computer Defense:. blog: the Windows command prompt has a history feature: just press F7 in a command window. One of the great features of Firefox 2 is the session saving (I know, there were extensions before that to do the same thing, but they somehow never worked for me). If you want to…
-
Lies, Damn Lies and Statistics
I’m back with more critique for Deb Shinder (who for one reason or another doesn’t allow commenting on her blog, so I can’t directly post there). Read part one (Biometrics is not the answer!) and part two (Three letter acronyms don’t provide good security!) for more opinionated posts. The post I’m talking about is…
-
Decoding obfuscated Javascript
SANS recently had a posting about methods to decode obfuscated Javascript, and I just wanted to mention 2+1 tools here: In Firefox you can use the View Source Chart extension to view the source after the javascript has executed. There is also the versatile Firebug, but IMHO that’s overkill for this. For Internet Explorer…