Slashdot Mirror

← Back to Domains

Domain: hackademix.net

Stories and comments across the archive that link to hackademix.net.

Stories · 7

  1. NoScript For Android Devices Released

    Mobile · Android · · posted by Soulskill · from the temporarily-allow-dept-line dept. · 107 comments
    Trailrunner7 writes "The new version of NoScript, the popular browser add-on that blocks JavaScript and other embedded objects from running on Web pages, is out in alpha form. It can now run on Android-based smartphones, giving users protection against script-based attacks on their mobile devices. The release of NoScript Anywhere includes a variety of new features, but it's the support for Firefox Mobile that is the big attraction. The add-on for Android devices is meant to mimic the desktop version, giving users the ability to set permissions for each individual site and use a default policy for restricting content. NoScript also now includes an anti-clickjacking feature and an anti-XSS filter designed to protect users from cross-site scripting attacks. The new version also works on Maemo-based phones and tablets."

  2. NoScript Awarded $10,000

    It · Security · · posted by CmdrTaco · from the useful-little-tools dept. · 178 comments
    An anonymous reader noted an interesting bit of information about a tool a ton of Slashdot users make use of every day: "NoScript has been chosen as the recipient of the DRG Security Innovation Grant. This is a great honor and a spur to keep making the Web a safer place. I feel the urge to thank the committee for recognizing NoScript as a pioneering force in browser security, and the community of contributors, researchers, translators, beta testers, and loyal users who keep this project alive day after day. The grant will fund the effort to merge the current two development lines, i.e. 'traditional' NoScript for desktop environment."

  3. Fixes Released (and More Promised) For "Clickjacking" Exploits

    It · Security · · posted by timothy · from the no-death-penalty-for-online-jerks dept. · 70 comments
    An anonymous reader writes "As discussed previously on Slashdot, concern has been raised over a class of 'clickjacking' vulnerabilities which affect all major Web browsers. These exploits allow an attacker to place invisible or seemingly legit objects on a Web page that perform undesired actions when a user clicks on them. In recent developments, 'Guya' posted a scary proof-of-concept that hijacks Adobe Flash Player to spy on users with a webcam and/or microphone. In response, Adobe released an advisory with a temporary workaround, and stated that a future Player update will address the exploit. This prompted the original disclosers of the vulnerabilities to post a summary of the exploits. Additionally, Giorgio Maone, creator of the popular NoScript extension for Firefox and other Gecko-based browsers, released version 1.8.2.1 of NoScript, which adds 'ClearClick,' a feature that intercepts clicks made on invisible or otherwise obscured elements on a page. Although issues remain, there seems to be progress in addressing these security problems."

  4. GoogHOle Exploits GMail, Picasa and 200K Other Sites

    Tech · Google_Fb · · posted by CmdrTaco · from the hate-when-that-happens dept. · 167 comments
    Giorgio Maone writes "Multiple Google-targeted exploits disclosed in the past 3 days could compromise your GMail account, steal your pictures from Picasa or impersonate you on almost 200,000 big sites which outsourced their search engines (vulnerabilities included in the price). If even Google, a very reactive company when web security matters, does face this kind of problems, how serious is the threat and what can you do, as a "normal" web user, to protect yourself?"

  5. GoogHOle Exploits GMail, Picasa and 200K Other Sites

    Tech · Google_Fb · · posted by CmdrTaco · from the hate-when-that-happens dept. · 167 comments
    Giorgio Maone writes "Multiple Google-targeted exploits disclosed in the past 3 days could compromise your GMail account, steal your pictures from Picasa or impersonate you on almost 200,000 big sites which outsourced their search engines (vulnerabilities included in the price). If even Google, a very reactive company when web security matters, does face this kind of problems, how serious is the threat and what can you do, as a "normal" web user, to protect yourself?"

  6. United Nations vs SQL Injections

    It · Security · · posted by CmdrTaco · from the virtual-security-is-hard-too dept. · 144 comments
    Giorgio Maone writes "The United Nations web site has been defaced by 3 crackers who replaced the speeches of the Secretary-General Ban Ki-Moon with their own pacifist message. This article briefly analyzes the exploited vulnerability and the technology used on the server, both quite surprising to find in such a high profile site."

  7. The Java Popup you Can't Stop

    It · Security · · posted by CmdrTaco · from the once-you-pop dept. · 480 comments
    An anonymous reader writes "In his brand new hackademix.net blog, Giorgio Maone, known as the author of the NoScript security extension for Firefox, reveals how popup blockers can be easily circumvented using Java. Worse, popups opened this way are really evil, because they can be sized to cover the whole desktop (the wet dream of any phisher) and cannot be closed by user (the wet dream of any web advertiser). Impressive demos available, all cross-browser and cross-platform, in the best Java tradition: 'Write once, hack anywhere' "