maone

ZDNet Resources

• sort by:
• Relevance
• Date
• Popularity

NoScript vs. Internet Explorer 8 Filters

NoScript plugin writer Giorgio Maone posted a commentary on IE 8's new filters, drawing comparisons to his own widely popular NoScript Firefox plugin.  Maone writes: I’m happy to learn that IE8 is going to implement a less ambitious version of a feature which NoScript users have enjoyed for more than one...

Tags: Mozilla Firefox, XSS, Microsoft Internet Explorer, Attack, Maone, Nathan McFeters

Blog posts 2008-07-03

Additional Resources

Twitter hit by multiple variants of XSS worm

During the weekend and early Monday, at least four separate variants of the original StalkDaily.com XSS worm hit the popular micro-blogging site Twitter,  automatically hijacking accounts and advertising the author's web site by posting tweets on behalf of the account holders, by exploiting cross site scripting flaws at the site....

Tags: Flaw, XSS, Worm, Twitter, www.StalkDaily.com, Mikeyy XSS, Cyberthreats, Viruses And Worms, Security, Dancho Danchev

Blog posts 2009-04-14

Firefox + NoScript vs Clickjacking

In response to my story earlier on the cross-browser Clickjacking exploit/threat, I received the following e-mail from Giorgio Maone, creator of the popular Firefox NoScript plug-in: Hi Ryan, I've seen a lot of speculation and confusion in the comments to your Clickjacking article about NoScript not...

Tags: Mozilla Firefox, Speculation, Web Browsers, Internet, Ryan Naraine

Blog posts 2008-09-25

Clickjacking: Researchers raise alert for scary new cross-browser exploit

[ UPDATE: See e-mail from NoScript creator Giorgio Maone on a possible mitigation ] Researchers are beginning to raise an alarm for what looks like a scary new browser exploit/threat affecting all the major desktop platforms -- Microsoft Internet Explorer, Mozilla Firefox, Apple...

Tags: JavaScript, Web Browser, Web Browsers, Scripting Languages, Internet, Software/Web Development, Web Development, Ryan Naraine

Blog posts 2008-09-25

NoScript mitigates HTTPS cookie hijacking attacks

The invaluable NoScript for Firefox plug-in just got a tad better. According to Giorgio Maone, the developer behind the popular browser extension, a new experimental feature called "Forced Secure Cookies" has been added to NoScript v1.8.0.5 to mitigate the HTTPS cookie hijacking attack vector discussed at DEFCON...

Tags: Attack, Cookie, NoScript, Ryan Naraine

Blog posts 2008-09-11

Mozilla getting ready to push Firefox 3.0.1 on 2.0 users

Mozilla getting ready to push Firefox 3.0.1 on 2.0 usersOlder OSesAnd for those people that are running older OSes that the Mozilla folks decided to abandon, just what is Mozilla planning to do? Perhaps forcefully install an incompatible version on top of the one they already had, thus rendering...

Tags: Web browsers, Mozilla Firefox, Mozilla Corp., Firefox 3.0.1, FF3, Web browser

Discussion threads 2008-08-20

Adobe claims to have known of Flash issue prior to CanSecWest '08, patch is on the way

Adobe claims to have known of Flash issue prior to CanSecWest '08, patch is on the way"What should I do as a customer?" NoScript!Sorry Adobe, that's not the way to give advices.Any vulnerability report I've seen involving browser stuff honestly recommended to disable (Java|JavaScript|Flash) until the vulnerability was patched.Now, just...

Tags: Patches, SECURITY, NoScript, Adobe Systems Inc., CanSecWest

Discussion threads 2008-04-03

Defeating the Same Origin Policy part 1

Defeating the Same Origin Policy part 1ouh... That made my head hurt.Excellent post. I wasn't sure wither to laugh or scream. Worrisome, I will say that.And while this subject is, in fact, no laughing matter, the way you made it look so easy made me laugh anyway. ...

Tags: Same Origin Policy, attack, applet, JavaScript

Discussion threads 2008-03-14

Researchers outline Wi-Fi router hijacking via browser

Researchers outline Wi-Fi router hijacking via browserThe last two Netgear WiFi...routers I installed had UPnP on by default. What are the 4 kinds you looked at?Belkin, Netgear, LinksysTwo kinds of Belkins actually, a pre-N and a G, and the Netgear and Linksys routers were all G.I just checked every...

Tags: Routers & switches, Network technology, Wireless LANs, NETWORKING, Home networking, Web browser, UPnP, router, NoScript, Wi-Fi, Wi-Fi router

Discussion threads 2008-01-15

Belated Firefox patch coming for (another) protocol handling bug

Mozilla security chief Window Snyder says the "jar:" protocol handler issue that currently haunts Firefox will be fixed very soon in the next refresh of the browser. The problem see previous coverage is that Firefox's "jar:" protocol handler does not validate the MIME type of the contents...

Tags: Mozilla Firefox, Attacker, Site, Web Browsers, Security, Internet, Ryan Naraine

Blog posts 2007-11-16

Protocol abuse adds to Firefox, Windows security woes

Protocol abuse adds to Firefox, Windows security woesDone, half of it anyway...All my FF settings were False except or one, so thanks on that one.IRT "URI handlers can be removed by deleting the following registry keys: HKCR", uh, I have way too many of those to go down that list...

Tags: Web browsers, Microsoft Windows XP, security, Mozilla Firefox, Firefox Windows security woe, Firefox window, security woe, window

Discussion threads 2007-07-26