Friday, September 19, 2008

Noscript vs SurfJacking

Armando Romeo

Giorgio has added a new special feature to the popular Noscript.

With the new version 1.8.13 it is now possible to force HTTPS on a (wildcard) list of websites, along with many other features regarding the safety of HTTPS.
This is useful for protecting against the SurfJacking attack put into practice by Sandro Gauci's tool.

Although Gmail solved the Surf Jacking issue, which could lead to cookie stealing through a sophisticated hijacking, too many websites are still vulnerable to this kind of attack.

Now there's no additional work to do except provide Noscript with a list of websites and let it do the protecting for us, above all when we are in a hostile environment like an internet cafe or an open wifi connection.

Basically, Noscript adds the secure flag to cookies on the fly, forcing each cookie to be sent only over HTTPS connections.
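To make the mechanism concrete, here is an added sketch (not Noscript's own code) that takes the `Set-Cookie` values of a response and appends `Secure` to any cookie lacking it when the host is on a wildcard list. The site list, the `*.domain` pattern syntax, the function names and the sample headers are all assumptions made for this illustration.

```javascript
// Added illustration, not Noscript's code. Pattern syntax ("*.domain") is assumed.
const FORCE_SECURE = ["mail.example.com", "*.shop.example"]; // constructed site list

// True when host equals an entry, or falls under a "*." wildcard entry
// (the wildcard also covers the bare domain itself).
function hostMatches(host, patterns) {
  host = host.toLowerCase();
  return patterns.some((p) => {
    p = p.toLowerCase();
    if (!p.startsWith("*.")) return host === p;
    const base = p.slice(2);
    return host === base || host.endsWith("." + base);
  });
}

// True when a Set-Cookie value already carries the Secure attribute.
// The first segment (name=value) is skipped so a value of "secure" is not mistaken for it.
function hasSecure(setCookie) {
  return setCookie.split(";").slice(1).some((a) => a.trim().toLowerCase() === "secure");
}

// For listed hosts, append Secure to every cookie that lacks it and report
// which cookie names were changed; other hosts pass through untouched.
function enforceSecure(host, setCookies, patterns = FORCE_SECURE) {
  if (!hostMatches(host, patterns)) return { rewritten: [], cookies: setCookies.slice() };
  const rewritten = [];
  const cookies = setCookies.map((c) => {
    if (hasSecure(c)) return c;
    rewritten.push(c.split("=")[0].trim());
    return c.replace(/;?\s*$/, "") + "; Secure";
  });
  return { rewritten, cookies };
}

// Constructed sample: Set-Cookie values from a login response.
const sample = [
  "SID=abc123; Path=/; HttpOnly",
  "prefs=dark; Path=/; Secure",
  "secureish=1; Path=/", // name contains "secure" but the attribute is absent
];
const result = enforceSecure("www.shop.example", sample);
console.log("rewritten:", result.rewritten);
console.log(result.cookies.join("\n"));
```

A cookie marked `Secure` is withheld from plain-HTTP requests, so a listed site that still serves logged-in pages over HTTP will lose its session on those pages.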

Very good. When will Noscript be embedded in Mozilla off-the-shelf?

Anyway, this was a quick post. Time to fill my encrypted cookies website list...

