NoScript.net

This new update has more features than the last one. If you are using FF now, just seacrh for updates in your extensions mgr.

If you are not using FF yet,
It may be a good time to consider to Get Firefox, with Adblock Plus, and NoScript. Then, Get more themes and extensions

Version 1.1.4.7: "Soft on Digg, Hard on XSS"

Main good news:

• Unique Anti-XSS Protection, even against XSS attacks targeted to whitelisted sites. While Cross-Site Scripting (XSS) vulnerabilities need to be fixed by the web developers, now users can finally do something to protect themselves: NoScript is the only effective defense available to "web-consumers", waiting for "web-providers" to clean up their mess.
• Plays nicer with Digg and other "Web 2.0" sites, by definitely fixing an occasional glitch which previously happened with the nested dynamic loading hack used by some AJAX libraries.
• Super fast and reliable reload when permissions changes.
• Long awaited blacklist feature

-------------------------------------------------------------------
Now, following some of the links from the NoScript page, we find this, and these things which follow, and PLENTY more;

Jikto in the wild

Tool turns unsuspecting surfers into hacking help

Hackers broaden reach of cross-site scripting attacks

Like I say, just another good reason Get FireFox.

Also a reminder, and very good reason to avoid sites with known documented, unrepaired, and unaddressed, longstanding XSS flaws, sites such as EbaY, where the problem is further compounded by the lack of any proper or reasonable, or responsible safety alerts, such as perhaps a HIGH-VIS warning placed promenently on the affected site, or made known in general, via any other forms of popular media, FROM the website, TO the typical websurfers/users, and general public alike.

I won't even bring up all those embarrassing, pesky user's data leaks here ... The four incidents now that we all know about in the last 2-3 months or so...










-- Edited by budnonymous at 16:45, 2007-04-12