Re: [LINK] Gumtree

2014-06-29 Thread Stephen Loosley
Thanks Ric .. good man. And one must say that sure, the definitionand effect of "malicious software" will vary enormously. Howeverit's disappointing that simple visits to more than 30% of Gumtree'spages are, apparently, found to "result in malicious software beingdownloaded and installed wit

Re: [LINK] Gumtree

2014-06-29 Thread Rick Welykochy
Hi Linkers and SL, I think the google may be protesting too much. If you follow the links for the two sites listed, i.e. /*zamcheck.org/ *//*, *//*indolocker.com/

Re: [LINK] Gumtree

2014-06-29 Thread Scott Howard
On Sun, Jun 29, 2014 at 8:38 AM, Rick Welykochy wrote: > I think the google may be protesting too much. If you follow the links > for the two sites listed, i.e. /*zamcheck.org/ < > http://www.google.com/safebrowsing/diagnostic?site=zamcheck.org/>*//*, > *//*indolocker.com/ >

Re: [LINK] Gumtree

2014-06-29 Thread JanW
At 02:45 AM 30/06/2014, Scott Howard you wrote: >It's not just Gumtree being hit by this over the past few days, there's a >lot of sites being redirected to the same 2 sites. Talk is that it's via >an advertising network being abused and not the actual sites themselves, >but I haven't looked clos

[LINK] Disable clipboard for password input

2014-06-29 Thread Paul Bolger
My mobile phone company recently redid their website. When I tried to log in to the new site - using my normal method, copy and paste the password out of KeepassX - I discovered that they have disabled clipboard access to the password input field via javascript. I rang them up and the person on th

Re: [LINK] Disable clipboard for password input

2014-06-29 Thread JanW
At 08:48 AM 30/06/2014, Paul Bolger wrote: >It seems to be that disabling the pasting of passwords could only >really have a bad effect on security. I can see no mechanical benefit, >a keylogger is going to be just as good at recording a manually keyed >password as a pasted one, and forcing users t

Re: [LINK] Disable clipboard for password input

2014-06-29 Thread Karl Auer
On Mon, 2014-06-30 at 10:48 +1200, Paul Bolger wrote: > I discovered that they have disabled > clipboard access to the password input field via javascript. Install NoScript, turn off scripts for the page. See if that solves the problem, You can turn the scripts back on when you've finished enterin

Re: [LINK] Disable clipboard for password input

2014-06-29 Thread Paul Bolger
It's not that hard to get around (I just turn the js off in Web Developer), but it strikes me that this phone company think they are being 'security conscious', but that the net effect will be the opposite. On 30 June 2014 11:38, Karl Auer wrote: > On Mon, 2014-06-30 at 10:48 +1200, Paul Bolger w

Re: [LINK] Disable clipboard for password input

2014-06-29 Thread Kim Holburn
If you use firefox get this extension: Disable clipboard manipulations https://addons.mozilla.org/en-US/firefox/addon/nocopypaste/ About this Add-on No configuration required, the extension is immediately active after installation. Web pages will no longer be able to listen to copy, paste and c

Re: [LINK] Disable clipboard for password input

2014-06-29 Thread Rick Welykochy
Kim Holburn wrote: > If you use firefox get this extension: > > Disable clipboard manipulations > https://addons.mozilla.org/en-US/firefox/addon/nocopypaste/ > > About this Add-on > > No configuration required, the extension is immediately active after > installation. Web pages will no longer be a

Re: [LINK] Disable clipboard for password input

2014-06-29 Thread Scott Howard
On Sun, Jun 29, 2014 at 7:52 PM, Rick Welykochy wrote: > A comment on the plug-in page mentioned security and privacy issues being > addressed > by this plug-in. Now that I think about it, I suppose anything on your > clipboard could > be surreptitiously copied to rogue websites. Not a pleasant t

Re: [LINK] Disable clipboard for password input

2014-06-29 Thread Paul Bolger
So does disabling pasting into the password field provide any benefit for the site owner, besides annoying the users? On 30 June 2014 15:01, Scott Howard wrote: > On Sun, Jun 29, 2014 at 7:52 PM, Rick Welykochy wrote: > >> A comment on the plug-in page mentioned security and privacy issues bei

Re: [LINK] Disable clipboard for password input

2014-06-29 Thread Kim Holburn
To be very cynical: It means that keyloggers can nab your password, so I guess it depends on the motivations of the website owners. On 2014/Jun/30, at 2:28 PM, Paul Bolger wrote: > So does disabling pasting into the password field provide any benefit > for the site owner, besides annoying the us