Wednesday, April 30, 2008

Firefox noscript add-on - time to start using it

A recent large scale hack of Microsoft's IIS web server means that lots of reputable web sites may be hosting exploits more commonly seen on the shady side of the net.

So it's probably time to start using the Firefox NoScript add-on ...

Hundreds of Thousands of Microsoft Web Servers Hacked - Security Fix

There is a great add-on for Firefox called "noscript," which blocks these kinds of Javascript exploits from running automatically if a user happens to visit a hacked site. Currently, there is no such protection for IE users, and disallowing Javascript entirely isn't really an option on today's World Wide Web. True, you can fiddle with multiple settings in IE to add certain sites to your "Trusted Zone," but that option has never struck me as very practical or scalable.

I've been using it for a few days. I whitelisted a number of the Google sites I use (if they're hacked we're all doomed) and so far it's been easy to enable JavaScript when needed by clicking on the S icon.

No comments: