Block IFRAME For Added Protection
If you are interested in Tech, and visit Websites such as this one, it will not be very long before you read about Firefox. (In fact just this week I posted an article.) And, it won’t be long before you see NoScript mentioned. Odds are, you already have.
NoScript is a small program you download and add ‘into’ Firefox to enhance its functionality (these small programs are known variously as “add-ons”, “plug-ins”, and “extensions”– different words for the same concept.)
NoScript gets mentioned in the Tech media a lot because it is a security tool that automatically “blocks” (prevents from running) certain web page ‘elements’ (scripts) — Java, Flash, JavaScript, and XSS — unless you click the Option button and select “Allow”, or “Temporarily allow”.
This puts you in control, and goes a long way toward preventing “drive-by downloads” and other malicious Internet attacks and activity should you happen to visit a Website which has been “poisoned” by a hacker.
(I don’t mean to depress you, but the current state of the Internet is so insecure that this can be, literally, any Website.)
By default, NoScript is a powerful tool (see the NoScript “About” page) and for many people is the primary reason they have made the switch to Firefox.
(I’ll let you in on a little secret; it is one way to measure a user’s “savvy”.. look for a Firefox icon.)
Tip of the day: Enhance your NoScript protection by turning on the IFRAME blocker feature.
IFRAMES are another dynamic Web element that cyber-criminals are now using as an “attack vector” (aka “method”) with great success. Like the scripts mentioned above, IFrame attacks can happen invisibly and automatically. Oh, the joys of Web 2.0!
1) In Firefox, click on “Tools”, then “Add-ons”
2) Scroll until you find NoScript, and click the “Options” button. (If you have not yet installed NoScript, click the “Get Add-ons” icon in the upper-left.)
3) Click on the Plugins tab. Place a check in the “Forbid <IFRAME>” checkbox.
That’s it. You’re done. Now when you visit a site that uses IFrames, you will have to approve them (aka “whitelist”) before they’ll appear.
[Note: the scripts and tools (Web 2.0 "features") mentioned in this article are NOT in themselves bad or dangerous, and it is thanks to them that the Web is such a rich and interactive environment.. but, in the wrong hands they can be, and are being, used with criminal intent.]
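The same idea from a site owner's side, as an added example that is not part of the original article: this Python script lists the IFRAMEs in a page that are invisible or that load from a host nobody has approved, which is the kind of frame the NoScript setting above stops from loading silently. The allowlist, host names and sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

ALLOWED_HOSTS = {"video.example.org"}  # constructed allowlist of approved frame hosts
HIDDEN_STYLES = ("display:none", "visibility:hidden")

def _tiny(value):
    """True when a width/height attribute is 0 or 1 (pixels)."""
    return value is not None and value.strip().rstrip("px") in ("0", "1")

class IframeAuditor(HTMLParser):
    """Records each <iframe> with the reasons it deserves a manual look."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.findings = []  # (src, [reasons])

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":  # HTMLParser lowercases tag and attribute names
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        host = urlparse(src).hostname or self.page_host  # relative src: same site
        reasons = []
        if host != self.page_host and host not in ALLOWED_HOSTS:
            reasons.append("host not allowlisted")
        style = a.get("style", "").replace(" ", "").lower()
        if any(s in style for s in HIDDEN_STYLES):
            reasons.append("hidden by style")
        if _tiny(a.get("width")) or _tiny(a.get("height")):
            reasons.append("zero or 1px size")
        self.findings.append((src, reasons))

def audit(html, page_host):
    """Return the iframes that have at least one reason to review."""
    parser = IframeAuditor(page_host)
    parser.feed(html)
    return [(src, why) for src, why in parser.findings if why]

# Constructed sample page: two legitimate frames, two that should be reviewed.
SAMPLE = """<html><body>
<iframe src="https://video.example.org/embed/1" width="560" height="315"></iframe>
<iframe src="/widgets/poll.html" width="300" height="200"></iframe>
<iframe src="http://stats.example.net/in.php" width="1" height="1" style="visibility: hidden"></iframe>
<IFRAME SRC="//cdn.example.net/f.html" style="display:none"></IFRAME>
</body></html>"""

if __name__ == "__main__":
    for src, why in audit(SAMPLE, "blog.example.com"):
        print(src, "->", ", ".join(why))
```

A frame that is both off-allowlist and invisible is the strongest signal; a visible frame from an unknown host may simply be an embed that has not been approved yet.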
Today’s free link: One of the more disturbing (outright alarming, if you ask me) hacker uses of IFrame attacks is the alteration of Search Engine results (Yes, you can’t truly trust Google, Yahoo!, or MSN anymore). Internet Security blogger Bill Mullins has posted an excellent article on this subject, “Fake/Redirected Search Results – Consequences for You”.
* Firefox users: Update 3.0.3 available today.
Copyright © 2007-8 Tech Paul. All rights reserved.

Nice content but such a horrible example of the most wrong colors; this site looks so depressing, it scares people away! I’m gonna leave without reading :-(
Well I certainly don’t want to be scary…
Ok, great! Block Javascript, IFrames, Flash and the like.
Why not go ahead and block web sites from loading on browsers from now on? At some point you have to get real about web browsing. Yes, there are people who want to break your computers by loading malicious scripts or viruses, but where do you draw the line?
99% of web sites these days rely on at least one of the technologies mentioned above to work properly! Taking them away will stop the sites working, and I’m pretty sure that only a handful of sites have malicious content.
What you are doing by spreading this so called information is causing panic, and making people scared to browse. The vast majority of web surfers out there are going to panic when they see a warning about some script trying to run, and they are going to stop it, even if it is only a menu item loading.
If you have half decent anti everything, the real nasties will be blocked by them and the need for these add-ons won’t be there.
This is not great news for web developers!!!
Quinton,
It has gotten so dangerous that there are advocates of text-only browsers.
No, having the latest, fully updated malware tools will not protect you from a lot of web-based attacks. Not even the heuristic ones.
And going to “safe”, well-known websites only will not protect you because of website poisoning.
Yes. The cyber-criminals are killing the Web. Hence Bush’s, and now Obama’s statements and plans. Their goal is not to “break my machine”, but to steal my money and/or commit crime (fraud) in my name.
What these blockers do is essential, as they prevent things from just running (with whatever permissions they can get) until the user okays them. (Unfortunately, nobody reads what they’re OK-ing, and are being conditioned to just click “OK”.)
Create a panic? Are you kidding? What percentage of “average computer users” have even heard of a keylogger installed via drive-by? Are botted and don’t know it?
Flash is to serve me ads which I don’t want.
Java is so I can fill in a form which I don’t want to do — why should I have to give you an e-mail so I can view the page?
Hi, I cannot block iframes on IE8 :S
asdf,
That – in a nutshell – is why people have switched to Firefox.
IE 8 has several security features. Please see, http://www.microsoft.com/windows/internet-explorer/features/safer.aspx
yes. iframe is such a dangerous tag.
Most people are still not aware of its misuse.
Many websites are being infected with iframe tag in their main pages.
Now I am going to block web pages with iframes.
Venkatachalam.
* 77 percent of Web sites with malicious code are legitimate sites that have been compromised. (called “poisoned”)
* 233 percent growth in the number of malicious sites in the last six months and a 671 percent growth during the last year.
* 95 percent of comments to blogs, chat rooms and message boards are spam or malicious.
* 57 percent of data-stealing attacks are conducted over the Web.
* 85 percent of all unwanted emails in circulation contained links to spam sites and/or malicious Web sites.