Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: NoScript 2.0 released - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
NoScript 2.0 released

Paul wrote in to tell us about the new version of NoScript just out ==> http://noscript.net/

The main new feature is protection against the Craig Heffner's DNS rebinding attack that's getting some press, which will be presented at Blackhat.this week ==> http://www.blackhat.com/html/bh-us-10/bh-us-10-briefings.html#Heffner

The protection is pretty simple - look up the public ip of the workstation, and place it in the LOCAL pseudo list.  It uses a public site https://secure.informaction.com/ipecho for this - I can't comment at this time if this is a "safe" site to use for this or not.

If anyone has more info on this please feel free to comment.

=============== Rob VandenBrink Metafore ===============

Rob VandenBrink

458 Posts
ISC Handler
"There's no hope for you and no point in looking for security enhancements, while you keep using an unsafe wannabe web browser"

The message above kind of turned me off.
Dean

135 Posts Posts
Interesting article related to this vulnerability:
http://blog.opendns.com/2010/07/27/calling-craig-heffner/
MGuirao

13 Posts Posts

Sign Up for Free or Log In to start participating in the conversation!