RE: New threat Clickjacking

2008-10-08 Thread Andy Ognenoff
So has anyone developed guidance around the clickjacking threat for the
average user who just won’t use NoScript?

More details came out yesterday:

http://ha.ckers.org/blog/20081007/clickjacking-details/

 - Andy O. 

From: Todd Lemmiksoo [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, September 30, 2008 3:30 PM
To: NT System Admin Issues
Subject: New threat Clickjacking

http://redmondmag.com/news/article.asp?editorialsid=10247 
Todd Lemmiksoo 
Network Administrator 
All-Mode Communications, Inc. 
1725 Dryden Road 
Freeville, New York  13068 
(607) 347-4164 x440 
1-877-ALLMODE  (toll free) 
http://www.all-mode.com 

 
 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


Re: New threat Clickjacking

2008-09-30 Thread Micheal Espinola Jr
Nice.  I'll have to check those out too.

On Tue, Sep 30, 2008 at 7:45 PM, Angus Scott-Fleming
<[EMAIL PROTECTED]> wrote:
> On 30 Sep 2008 at 14:27, Kurt Buff  wrote:
>
>> +1 for NoScript.
>>
>> I also add in Ad Block Plus.
>>
>> After those two, I only have an issue with the crappiest of web sites,
>> and I'll turn to IE for those.
>
> +1 for both, and also for CustomizeGoogle, which I use to disable all kinds of
> google tracking, and to hide adverts in GMail and elsewhere.
>
> If you're truly paranoid (e.g. you don't want your ISP tracking you), use
> TorButton in Firefox to surf hidden from your ISP.  You can disable TorButton
> when you're doing innocuous things like reading google news, and turn it on for
> other things.  It slows you down but privacy has a price.
>
> --
> Angus Scott-Fleming
> GeoApps, Tucson, Arizona
> 1-520-290-5038



-- 
ME2



Re: New threat Clickjacking

2008-09-30 Thread Micheal Espinola Jr
Yep.  I've been doing that since day one.  I only allow it from trusted servers.

On Tue, Sep 30, 2008 at 7:45 PM, Angus Scott-Fleming
<[EMAIL PROTECTED]> wrote:
> On 30 Sep 2008 at 16:57, Micheal Espinola Jr  wrote:
>
>> "Experts say that NoScript, a security add-on to Firefox that blocks
>> JavaScript execution, is designed to defend against most attack
>> scenarios."
>>
>> You betcha.  I run this on every site unless I absolutely need js
>> functionality on a particular site in order to retrieve information.
>
> FYI according to the author of NoScript, you need to disable IFRAME (Options ->
> Plugins -> "Forbid IFRAME") to have more-or-less complete protection against
> ClickJacking.
>
> --
> Angus Scott-Fleming
> GeoApps, Tucson, Arizona
> 1-520-290-5038



-- 
ME2



RE: New threat Clickjacking

2008-09-30 Thread Carl Houseman
Does CustomizeGoogle really keep them from saving your search history on
their servers?

I like what these guys are doing:
http://ixquick.com

What makes them special?
 http://us2.ixquick.com/eng/protect_privacy.html

They don't have "Cached" access available, which is sorely missed and
preventing me from converting wholesale to it.

Carl

-----Original Message-----
From: Angus Scott-Fleming [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, September 30, 2008 7:46 PM
To: NT System Admin Issues
Subject: Re: New threat Clickjacking

On 30 Sep 2008 at 14:27, Kurt Buff  wrote:

> +1 for NoScript.
> 
> I also add in Ad Block Plus.
> 
> After those two, I only have an issue with the crappiest of web sites,
> and I'll turn to IE for those.

+1 for both, and also for CustomizeGoogle, which I use to disable all kinds of
google tracking, and to hide adverts in GMail and elsewhere.

If you're truly paranoid (e.g. you don't want your ISP tracking you), use
TorButton in Firefox to surf hidden from your ISP.  You can disable TorButton
when you're doing innocuous things like reading google news, and turn it on for
other things.  It slows you down but privacy has a price.

--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038


Re: New threat Clickjacking

2008-09-30 Thread Angus Scott-Fleming
On 30 Sep 2008 at 16:57, Micheal Espinola Jr  wrote:

> "Experts say that NoScript, a security add-on to Firefox that blocks
> JavaScript execution, is designed to defend against most attack
> scenarios."
> 
> You betcha.  I run this on every site unless I absolutely need js
> functionality on a particular site in order to retrieve information.

FYI according to the author of NoScript, you need to disable IFRAME (Options ->
Plugins -> "Forbid IFRAME") to have more-or-less complete protection against
ClickJacking.

--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038


Re: New threat Clickjacking

2008-09-30 Thread Angus Scott-Fleming
On 30 Sep 2008 at 14:27, Kurt Buff  wrote:

> +1 for NoScript.
> 
> I also add in Ad Block Plus.
> 
> After those two, I only have an issue with the crappiest of web sites,
> and I'll turn to IE for those.

+1 for both, and also for CustomizeGoogle, which I use to disable all kinds of 
google tracking, and to hide adverts in GMail and elsewhere.

If you're truly paranoid (e.g. you don't want your ISP tracking you), use 
TorButton in Firefox to surf hidden from your ISP.  You can disable TorButton 
when you're doing innocuous things like reading google news, and turn it on for 
other things.  It slows you down but privacy has a price.

--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038


Re: New threat Clickjacking

2008-09-30 Thread Kurt Buff
+1 for NoScript.

I also add in Ad Block Plus.

After those two, I only have an issue with the crappiest of web sites,
and I'll turn to IE for those.

Kurt

On Tue, Sep 30, 2008 at 2:22 PM, Micheal Espinola Jr
<[EMAIL PROTECTED]> wrote:
> Sure, I've whitelisted some trusted stuff too, but I can't say I've
> experienced anything that sounds that bad.
>
> In fact, my browsing experience has been better since it can be used
> to also block advertising.
>
> I think you should still use it to at least catch unwanted Flash,
> Silverlight, XSS, JAR, and IFRAMES - even if you aren't otherwise
> blocking the other stuff.
>
> It definitely takes some tweaking to get running mostly transparently,
> which is unfortunate.
>
> On Tue, Sep 30, 2008 at 5:06 PM, Sam Cayze <[EMAIL PROTECTED]> wrote:
>> I found that 99% of the sites I visited just don't work with NoScript,
>> so I spend my whole day whitelisting crap.  Guess how long that lasted?
>>
>> Good AV, AS, Firewall, OpenDNS, and something like SpywareBlaster (Which
>> blacklists bad sites), and a functional internet makes me happy.
>>
>> Sam
>>
>> -----Original Message-----
>> From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED]
>> Sent: Tuesday, September 30, 2008 3:58 PM
>> To: NT System Admin Issues
>> Subject: Re: New threat Clickjacking
>>
>> "Experts say that NoScript, a security add-on to Firefox that blocks
>> JavaScript execution, is designed to defend against most attack
>> scenarios."
>>
>> You betcha.  I run this on every site unless I absolutely need js
>> functionality on a particular site in order to retrieve information.
>>
>> It's a shame IE doesn't have an equivalent.  NoScript is exceptional for
>> what it does.
>>
>> On Tue, Sep 30, 2008 at 4:29 PM, Todd Lemmiksoo
>> <[EMAIL PROTECTED]> wrote:
>>> http://redmondmag.com/news/article.asp?editorialsid=10247
>>>
>>> Todd Lemmiksoo
>>> Network Administrator
>>>
>>> All-Mode Communications, Inc.
>>> 1725 Dryden Road
>>> Freeville, New York  13068
>>> (607) 347-4164 x440
>>> 1-877-ALLMODE  (toll free)
>>> http://www.all-mode.com
>>>
>>>
>>>
>>>
>>
>>
>>
>> --
>> ME2
>>
>
>
>
> --
> ME2
>


Re: New threat Clickjacking

2008-09-30 Thread Micheal Espinola Jr
Sure, I've whitelisted some trusted stuff too, but I can't say I've
experienced anything that sounds that bad.

In fact, my browsing experience has been better since it can be used
to also block advertising.

I think you should still use it to at least catch unwanted Flash,
Silverlight, XSS, JAR, and IFRAMES - even if you aren't otherwise
blocking the other stuff.

It definitely takes some tweaking to get running mostly transparently,
which is unfortunate.

On Tue, Sep 30, 2008 at 5:06 PM, Sam Cayze <[EMAIL PROTECTED]> wrote:
> I found that 99% of the sites I visited just don't work with NoScript,
> so I spend my whole day whitelisting crap.  Guess how long that lasted?
>
> Good AV, AS, Firewall, OpenDNS, and something like SpywareBlaster (Which
> blacklists bad sites), and a functional internet makes me happy.
>
> Sam
>
> -----Original Message-----
> From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, September 30, 2008 3:58 PM
> To: NT System Admin Issues
> Subject: Re: New threat Clickjacking
>
> "Experts say that NoScript, a security add-on to Firefox that blocks
> JavaScript execution, is designed to defend against most attack
> scenarios."
>
> You betcha.  I run this on every site unless I absolutely need js
> functionality on a particular site in order to retrieve information.
>
> It's a shame IE doesn't have an equivalent.  NoScript is exceptional for
> what it does.
>
> On Tue, Sep 30, 2008 at 4:29 PM, Todd Lemmiksoo
> <[EMAIL PROTECTED]> wrote:
>> http://redmondmag.com/news/article.asp?editorialsid=10247
>>
>> Todd Lemmiksoo
>> Network Administrator
>>
>> All-Mode Communications, Inc.
>> 1725 Dryden Road
>> Freeville, New York  13068
>> (607) 347-4164 x440
>> 1-877-ALLMODE  (toll free)
>> http://www.all-mode.com
>>
>>
>>
>>
>
>
>
> --
> ME2
>



-- 
ME2



RE: New threat Clickjacking

2008-09-30 Thread Sam Cayze
I found that 99% of the sites I visited just don't work with NoScript,
so I spend my whole day whitelisting crap.  Guess how long that lasted?

Good AV, AS, Firewall, OpenDNS, and something like SpywareBlaster (Which
blacklists bad sites), and a functional internet makes me happy.

Sam

-----Original Message-----
From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, September 30, 2008 3:58 PM
To: NT System Admin Issues
Subject: Re: New threat Clickjacking

"Experts say that NoScript, a security add-on to Firefox that blocks
JavaScript execution, is designed to defend against most attack
scenarios."

You betcha.  I run this on every site unless I absolutely need js
functionality on a particular site in order to retrieve information.

It's a shame IE doesn't have an equivalent.  NoScript is exceptional for
what it does.

On Tue, Sep 30, 2008 at 4:29 PM, Todd Lemmiksoo
<[EMAIL PROTECTED]> wrote:
> http://redmondmag.com/news/article.asp?editorialsid=10247
>
> Todd Lemmiksoo
> Network Administrator
>
> All-Mode Communications, Inc.
> 1725 Dryden Road
> Freeville, New York  13068
> (607) 347-4164 x440
> 1-877-ALLMODE  (toll free)
> http://www.all-mode.com
>
>
>
>



--
ME2



Re: New threat Clickjacking

2008-09-30 Thread Micheal Espinola Jr
"Experts say that NoScript, a security add-on to Firefox that blocks
JavaScript execution, is designed to defend against most attack
scenarios."

You betcha.  I run this on every site unless I absolutely need js
functionality on a particular site in order to retrieve information.

It's a shame IE doesn't have an equivalent.  NoScript is exceptional
for what it does.

On Tue, Sep 30, 2008 at 4:29 PM, Todd Lemmiksoo <[EMAIL PROTECTED]> wrote:
> http://redmondmag.com/news/article.asp?editorialsid=10247
>
> Todd Lemmiksoo
> Network Administrator
>
> All-Mode Communications, Inc.
> 1725 Dryden Road
> Freeville, New York  13068
> (607) 347-4164 x440
> 1-877-ALLMODE  (toll free)
> http://www.all-mode.com
>
>
>
>



-- 
ME2



New threat Clickjacking

2008-09-30 Thread Todd Lemmiksoo
http://redmondmag.com/news/article.asp?editorialsid=10247

Todd Lemmiksoo
Network Administrator

All-Mode Communications, Inc.
1725 Dryden Road
Freeville, New York  13068
(607) 347-4164 x440
1-877-ALLMODE  (toll free)
http://www.all-mode.com

