NoScript 2.0 released

Published: 2010-07-29. Last Updated: 2010-07-29 12:47:50 UTC
by Rob VandenBrink (Version: 1)
2 comment(s)

Paul wrote in to tell us about the new version of NoScript just out ==> http://noscript.net/

The main new feature is protection against the Craig Heffner's DNS rebinding attack that's getting some press, which will be presented at Blackhat.this week ==> http://www.blackhat.com/html/bh-us-10/bh-us-10-briefings.html#Heffner

The protection is pretty simple - look up the public ip of the workstation, and place it in the LOCAL pseudo list.  It uses a public site https://secure.informaction.com/ipecho for this - I can't comment at this time if this is a "safe" site to use for this or not.

If anyone has more info on this please feel free to comment.

=============== Rob VandenBrink Metafore ===============

Keywords: noscript dns rebind
2 comment(s)

Comments

"There's no hope for you and no point in looking for security enhancements, while you keep using an unsafe wannabe web browser"

The message above kind of turned me off.

dsh

Jul 29th 2010
1 decade ago

Interesting article related to this vulnerability:
http://blog.opendns.com/2010/07/27/calling-craig-heffner/

M Guirao

Jul 29th 2010
1 decade ago

Login here to join the discussion.


Top of page
Diary Archives