Noscript has iframe protection

Wednesday, 12 September 2007

For those of you that read my blog you’ll know that I’m not a big fan of iframes for various reasons. I wrote a Javascript/CSS scanner which uses them to scan a local area network. There was no easy way to actually prevent this stuff until now….noscript now has iframe protection which is fantastic news, Giorgio kindly added the feature on my request and I’m really impressed with the speed he implemented it because I only mentioned it yesterday!

So what are you waiting for? Protect your LAN information now and download the plugin!

Update…

Thanks to Om for starting the thread on slackers and supporting the idea, this will make a big difference to Firefox security.

The entry 'Noscript has iframe protection' was posted on September 12th, 2007 at 8:47 am and last modified on September 12th, 2007 at 1:29 pm, and is filed under Firefox, Security. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

11 Responses to “Noscript has iframe protection”

  1. Bipin 3~ Upadhyay writes:
    No. 1 — September 12th, 2007 at 1:00 pm

    Yup!
    …and it feels good to be a part of something good πŸ™‚

  2. Gareth Heyes writes:
    No. 2 — September 12th, 2007 at 1:19 pm

    Yep nice one for starting the thread πŸ™‚

    It was a interesting discussion πŸ˜€

  3. Gareth Heyes writes:
    No. 3 — September 12th, 2007 at 1:30 pm

    I thought I’d give you a bit of credit as well πŸ˜‰

  4. Bipin 3~ Upadhyay writes:
    No. 4 — September 12th, 2007 at 3:02 pm

    Thanks for the “bit of credit” :P, but it doesn’t really matter. What matters is to be in touch with guys like you. I hope to be more active on Slackers. πŸ™‚

    The funny part is that I’d decided to post the thread right after Bank Of India hack but couldn’t.
    However, after reading your post I realized that this is the right time. So of course, (if the credit matters) you should get the bigger chunk. πŸ˜€
    Most importantly, let’s hope to see the issues (almost) killed with introduction of Content Restriction.

  5. Gareth Heyes writes:
    No. 5 — September 12th, 2007 at 3:14 pm

    I hope that Content Restriction will end this madness but doubt it. The trouble is that often when specs are decided they get too complicated and holes get introduced, I hope this doesn’t happen. Simplicity often leads to better security.

  6. Tom Macklin writes:
    No. 6 — September 12th, 2007 at 3:28 pm

    Yeah, simplicity leads to security…

    So, could you put include a feature in noscript that allows me to block most iframes, but allow ones that come from sites that are in my trusted sites list or that have a certificate that has been signed by…

  7. Gareth Heyes writes:
    No. 7 — September 12th, 2007 at 4:00 pm

    Tom, Giorgio has already added that to noscript, there is even an option to block iframes from trusted sites. Just for the record I’ve nothing to do with noscript I just like it and made a suggestion.

  8. Bipin 3~ Upadhyay writes:
    No. 8 — September 12th, 2007 at 5:31 pm

    @Gareth:
    Your comment reminds me of a line from Michael Zalewski’s “Silence on the Wire”:
    “The path to simplicity often leads through a seemingly needless level of complexity…”

    Although the context is different, the idea is crisp and clear: KISS πŸ™‚

    I need help regarding certain issues. Will send you a mail. Thanks in advance. πŸ™‚

  9. Tom Macklin writes:
    No. 9 — September 12th, 2007 at 5:55 pm

    sorry… bad attempt at a joke. I was trying to point out what happens to secure apps when people start using them…

  10. Gareth Heyes writes:
    No. 10 — September 12th, 2007 at 10:33 pm

    Sorry Tom it’s hard to tell when people are joking on comments πŸ™‚

  11. Gareth Heyes writes:
    No. 11 — September 12th, 2007 at 10:34 pm

    Om of course I’ll help ask away mate!

«
»