Saturday, September 27, 2008

Block IFRAME For Added Protection

If you are interested in Tech, and visit Websites such as this one, it will not be very long before you read about Firefox. (In fact just this week I posted an article.) And, it won't be long before you see NoScript mentioned. Odds are, you already have.

NoScript is a small program you download and add 'into' Firefox to enhance its functionality (these small programs are known variously as "add-ons", "plug-ins", and "extensions"-- different words for the same concept.)

NoScript gets mentioned in the Tech media a lot because it is a security tool that automatically "blocks" (prevents from running) certain web page 'elements' (scripts) -- Java, Flash, JavaScript, and XSS-- from running unlesNSOptss you click the Option button and select "Allow", or "Temporarily allow".

Which puts you in control, and goes a long ways toward preventing "drive-by downloads", and other malicious Internet attacks and activity from occurring should you happen to visit a Website which has been .
(I don't mean to depress you, but the current state of the Internet is so insecure that this can be, literally, any Website.)

By default, NoScript is a powerful tool (to read the NoScript "About" page, ) and for many people is the primary reason they have made the switch to Firefox.
(I'll let you in on a little secret; it is one way to measure a user's "savvy".. look for a Firefox icon.)

Tip of the day: Enhance your NoScript protection by turning on the IFRAME blocker feature.
IFRAMES are another dynamic Web element that cyber-criminals are now using as an "attack vector" (aka "method") with great success. Like the scripts mentioned above, IFrame attacks can happen invisibly and automatically. Oh, the joys of Web 2.0!

1) In Firefox, click on "Tools", then "Add-ons"
Add-ons 
2) Scroll 'till you find NoScript, and click the "Options" button. (If you have not yet installed NoScript, click the "Get Add-ons" icon in the upper-left.)
NoScript
3) Click on the Plugins tab. Place a check in the "Forbid <IFRAME>" checkbox.

That's it. You're done. Now when you visit a site that uses IFrames, you will have to approve them (aka "whitelist") before they'll appear.

[Note: the scripts and tools (Web 2.0 "features") mentioned in this article are NOT in themselves bad or dangerous, and it is thanks to them that the Web is such a rich and interactive environment.. but, in the wrong hands they can and are being used with evil intent.]

Today's free link: One of the more disturbing (outright alarming, if you ask me) hacker uses of IFrame attacks is the alteration of Search Engine results (Yes, you can't truly trust Google, Yahoo!, or MSN anymore) and Internet Security blogger Bill Mullins has posted an excellent article on this subject, Fake/Redirected Search Results - Consequences for You

* Firefox users: Update to 3.0.3 today.

Copyright © 2007-8 Tech Paul. All rights reserved.jaanix post to jaanix

No comments: