Video Tutorial and Sunday Beauty 59
Folks, regular readers have heard me say (many times) that I use Firefox as my web browser; and that I do so mainly for the safety provided by the security “add on” NoScript. Today, I have a short video which explains the basic How To (and the “why”) of NoScript.
Fact: The Internet has become a dangerous place.
And it being Sunday, how about a pretty picture?
Click on image to see more by this artist (reco'd)
venice-19 (romantic venice at night) by Alan Light, courtesy of Flickr Commons
Enjoy the rest of your weekend everybody!
Today’s quote: “The difference between perseverance and obstinacy is that one comes from a strong will, and the other from a strong won’t.” ~ Henry Ward Beecher
Copyright 2007-2011 © “Tech Paul” (Paul Eckstrom). All Rights Reserved.
>> Folks, don’t miss an article! To get Tech – for Everyone articles delivered to your e-mail Inbox, click here, or to subscribe in your RSS reader, click here. <<
Block IFRAME For Added Protection
If you are interested in Tech, and visit Websites such as this one, it will not be very long before you read about Firefox. (In fact just this week I posted an article.) And, it won’t be long before you see NoScript mentioned. Odds are, you already have.
NoScript is a small program you download and add ‘into’ Firefox to enhance its functionality (these small programs are known variously as “add-ons”, “plug-ins”, and “extensions”– different words for the same concept.)
NoScript gets mentioned in the Tech media a lot because it is a security tool that automatically “blocks” (prevents from running) certain web page ‘elements’ (scripts) — Java, Flash, JavaScript, and XSS– from running unles
s you click the Option button and select “Allow”, or “Temporarily allow”.
Which puts you in control, and goes a long ways toward preventing “drive-by downloads“, and other malicious Internet attacks and activity from occurring should you happen to visit a Website which has been “poisoned” by a hacker.
(I don’t mean to depress you, but the current state of the Internet is so insecure that this can be, literally, any Website.)
By default, NoScript is a powerful tool (to read the NoScript “About” page, click here) and for many people is the primary reason they have made the switch to Firefox.
(I’ll let you in on a little secret; it is one way to measure a user’s “savvy”.. look for a Firefox icon.)
Tip of the day: Enhance your NoScript protection by turning on the IFRAME blocker feature.
IFRAMES are another dynamic Web element that cyber-criminals are now using as an “attack vector” (aka “method”) with great success. Like the scripts mentioned above, IFrame attacks can happen invisibly and automatically. Oh, the joys of Web 2.0!
1) In Firefox, click on “Tools”, then “Add-ons”
2) Scroll ’till you find NoScript, and click the “Options” button. (If you have not yet installed NoScript, click the “Get Add-ons” icon in the upper-left.)
3) Click on the Plugins tab. Place a check in the “Forbid <IFRAME>” checkbox.
That’s it. You’re done. Now when you visit a site that uses IFrames, you will have to approve them (aka “whitelist”) before they’ll appear.
[Note: the scripts and tools (Web 2.0 “features”) mentioned in this article are NOT in themselves bad or dangerous, and it is thanks to them that the Web is such a rich and interactive environment.. but, in the wrong hands they can — and are — being used with criminal intent.]
Today’s free link: One of the more disturbing (outright alarming, if you ask me) hacker uses of IFrame attacks is the alteration of Search Engine results (Yes, you can’t truly trust Google, Yahoo!, or MSN anymore) and Internet Security blogger Bill Mullins has posted an excellent article on this subject, Fake/Redirected Search Results – Consequences for You
* Firefox users: Update 3.0.3 available today.
Copyright © 2007-8 Tech Paul. All rights reserved.
post to jaanix
| Share this post : |  |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
• About Tech Paul
I am a Retired computer & network technician. I used to think the machines were pretty cool. Now I don’t.
They’re anything but.
I regularly posted how-to’s and tricks & tips and general computing advice here starting in 2007. (Use the Search tool to find answers. But be aware, many are rather dated.) Sometimes I answered (your) specific questions in an article if I believed the answer was generally helpful to “everyone”. All the writing you see was my own, typos and all. There always is/was an implied “IMHO” in what you see here.
Note: You are responsible for using this blog and its content. I am in no way liable for any losses caused by user error, viruses and/or other malware, hardware or software failure, or any other conceivable reason.
-
Say "thank you!" Buy Tech Paul a cup of coffee (and keep T4E ad free).
-
-
McAfee® Cybersafety Resource Portal, an online help center designed to assist victims of computer crime and provide information on how to avoid becoming a victim.
-
Subscribe to Tech--for Everyone by EmailRecent Comments
-
-
-
-
Also:
-
-
Tech - for Everyone 