NoScript 2.0 released

Published: 2010-07-29
Last Updated: 2010-07-29 12:47:50 UTC
by Rob VandenBrink (Version: 1)
2 comment(s)

Paul wrote in to tell us about the new version of NoScript just out ==> http://noscript.net/

The main new feature is protection against the Craig Heffner's DNS rebinding attack that's getting some press, which will be presented at Blackhat.this week ==> http://www.blackhat.com/html/bh-us-10/bh-us-10-briefings.html#Heffner

The protection is pretty simple - look up the public ip of the workstation, and place it in the LOCAL pseudo list.  It uses a public site https://secure.informaction.com/ipecho for this - I can't comment at this time if this is a "safe" site to use for this or not.

If anyone has more info on this please feel free to comment.

=============== Rob VandenBrink Metafore ===============

2 comment(s)

Comments

"There's no hope for you and no point in looking for security enhancements, while you keep using an unsafe wannabe web browser"

The message above kind of turned me off.
Interesting article related to this vulnerability:
http://blog.opendns.com/2010/07/27/calling-craig-heffner/
Diary Archives