Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - NoScript 2.0 released InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

NoScript 2.0 released

Published: 2010-07-29
Last Updated: 2010-07-29 12:47:50 UTC
by Rob VandenBrink (Version: 1)
2 comment(s)

Paul wrote in to tell us about the new version of NoScript just out ==> http://noscript.net/

The main new feature is protection against the Craig Heffner's DNS rebinding attack that's getting some press, which will be presented at Blackhat.this week ==> http://www.blackhat.com/html/bh-us-10/bh-us-10-briefings.html#Heffner

The protection is pretty simple - look up the public ip of the workstation, and place it in the LOCAL pseudo list.  It uses a public site https://secure.informaction.com/ipecho for this - I can't comment at this time if this is a "safe" site to use for this or not.

If anyone has more info on this please feel free to comment.

=============== Rob VandenBrink Metafore ===============

2 comment(s)
Diary Archives