Web-based keylogger attack?


Re: Web-based keylogger attack?

Post by ssj100 on 30/10/2010, 02:24

Dude111 wrote: Yes SSJ, surfing WITH SCRIPTS DISABLED is the best way (However, SOME SITES WON'T WORK W/O THEM (Which is a disadvantage))

Yes, but you can simply e.g. temporarily allow all scripts for sites and/or keep a white-list of scripts for trusted sites you visit often. It all works out very conveniently whichever way you look at it.

For the majority of web-sites, there is no need to allow every single script to view/use it properly. Many scripts relate to advertising and other "junk" content anyway. Because of this, NoScript may protect a user from malicious scripts on a "dangerous foreign" web-site he/she is visiting. Of course, the fact that a lot of us use a tightly configured Sandboxie perhaps makes NoScript less useful haha.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)

Re: Web-based keylogger attack?

Post by ssj100 on 30/10/2010, 03:48

It seems many users on other forums still have no clue about this nifty NoScript configuration to block mixed content:

1. Open NoScript "Options"
2. Click "Advanced"
3. Click "ABE"
4. Click "USER"
5. Type in your rule in the form of this template ( http://ssj100.fullsubject.com/security-f7/web-based-keylogger-attack-t287-15.htm#2288 ):

The above example rule enforces that all http content (except for live.com and twitter.com) will not be displayed on https sites.


The above example rule enforces that all http content will not be displayed on https sites with no exceptions. As far as I can tell, you do need to put that "full stop" after "Accept from" to ensure the code works.

Anyway, once configured as above, this is what the Microsoft test site displays in Firefox (even if the script "microsoft.com" is allowed or even if scripts are globally allowed):


Re: Web-based keylogger attack?

Post by ssj100 on 30/10/2010, 04:28

Giorgio Maone simplifies things here:

http://forums.informaction.com/viewtopic.php?f=10&t=5269&start=15#p23005


Re: Web-based keylogger attack?

Post by noorismail on 30/10/2010, 07:47

Guys, it seems I was too quick to blame NoScript for my problems getting online movies to work.

I have installed version 2.0.4, and have had no problem opening vids at the sites I normally use (loombo, Stagevu, Hulu, Megavideo).

I think this was a case of using something years ago, and having problems with it from lack of knowledge.

I see the option to show blocked scripts is default off now, and that stops a lot of the pop-ups I remember.

noor

_________________
ShadowDefender 1.1.0.323 Sandboxie 3.49, NAT router.
Open DNS with "Malware/Botnet Protection",
MalwareDefender,Malwarebytes on demand.

Re: Web-based keylogger attack?

Post by wat0114 on 2/11/2010, 10:04

The browser security warning, that information I send on the page can be easily read, is enough to steer me away from the site without the need for Noscript. I expect nothing less than full encryption from an https page, so that warning obviously states that something is amiss.


Re: Web-based keylogger attack?

Post by ssj100 on 2/11/2010, 10:51

Yes, I agree that the warning is pretty obvious (especially for people like us), but it's nice to see the power of NoScript. Also, from what I understand, NoScript actually blocks the unencrypted (http) content and therefore still allows you to safely log into the potentially compromised site (and as I explained previously, it works even if you allowed all scripts to run). Without NoScript, I don't think there's any way to safely log in (with Firefox anyway).


Re: Web-based keylogger attack?

Post by wat0114 on 2/11/2010, 19:21

That's right, I think, one is not able to safely log in without Noscript. I've tried Noscript long ago, used it for several days, but I found it drove me nuts, as I spent so much time tweaking it to unblock content I wanted to view. Maybe I'll give it another try and put more effort, especially in the early going, to whitelist my commonly visited sites. What you're doing backing up the list in notepad is a good idea.


Re: Web-based keylogger attack?

Post by Dukeswharf on 8/11/2010, 19:03

ssj100 wrote: https://ie.microsoft.com/testdrive/browser/mixedcontent/assets/woodgrove.htm

EDIT: I just want to mention that, even before any testing, I'm predicting that every third party software fails this. However, I'm predicting that Firefox with NoScript add-on will pass it.

OS: WinXP SP3
Sandbox: Sandboxie 3.50
Browser: FireFox 3.6.12

I have configured firefox such that it forces https pages to use AES 256. So woodgrove.htm does not even load for me :)

For anyone interested in configuring FireFox to only use AES 256, enter the following in the url box:


1. In the firefox url box enter 'about:config' (note: without the quotes)
2. In 'filter' enter 'security.ssl3' (note: without the quotes)
3. For every instance of a string that has 'aes_256' in it, make sure it is set to 'true'. You can do this by double-clicking it.
4. For every instance of a string that DOES NOT have 'aes_256' in it, make sure it is set to 'false'.

I have incorporated code into NoScript code (Advanced > ABE > User), which works a treat:


Site .twimg.com
Accept INC(IMAGE) from .twitter.com

Site http:
Deny INC from https:

Thus far I have only been using NoScript in a very basic way, but will now delve into it a bit deeper methinks.


Re: Web-based keylogger attack?

Post by ssj100 on 9/11/2010, 12:01

I've decided that the best and simplest approach with Firefox would be to use this Firefox NoScript ABE code:

Code:
Site http:
Deny INC from https:

However, I would have it disabled by default. When this pops up:
http://ssj100.fullsubject.com/security-f7/web-based-keylogger-attack-t287.htm#2271
I would simply enable the above code if I still wanted to log in to the potentially compromised site. This way, you won't come across any issues with other genuine sites.

With Internet Explorer, as I said before, even IE 6 can block the potentially dangerous content easily.

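An added example, not part of the original thread or of NoScript: a small Python audit that lists the http: subresources an https: page includes, which is the mixed content the ABE rule discussed in this thread is meant to deny. The page URL, host names and HTML below are constructed sample data, and the active/passive split is this example's own classification.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> fetching attribute. Active content can script or restyle the page.
ACTIVE = {"script": "src", "iframe": "src", "embed": "src", "object": "data", "link": "href"}
PASSIVE = {"img": "src", "audio": "src", "video": "src", "source": "src"}


class MixedContentAudit(HTMLParser):
    """Collect http: inclusions made by a page that was served over https:."""
    def __init__(self, page_url):
        super().__init__()
        if urlsplit(page_url).scheme != "https":
            raise ValueError("audit only applies to https pages")
        self.page_url = page_url
        self.findings = []  # (kind, tag, url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        kind = "active" if tag in ACTIVE else "passive"
        attr = ACTIVE.get(tag) or PASSIVE.get(tag)
        if attr is None or not attrs.get(attr):
            return
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # other <link> kinds are not applied to the page
        # Resolve relative and scheme-relative URLs against the page first.
        target = urljoin(self.page_url, attrs[attr].strip())
        if urlsplit(target).scheme == "http":
            self.findings.append((kind, tag, target))


def audit(page_url, html):
    """Return [(kind, tag, url)] for every http: inclusion in the page."""
    parser = MixedContentAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample: an https login page that pulls one script over http.
SAMPLE_URL = "https://bank.example/login.htm"
SAMPLE_HTML = """<head><link rel="stylesheet" href="/site.css">
<script src="//cdn.example/ui.js"></script>
<script src="http://stats.example/track.js"></script></head>
<body><img src="HTTP://img.example/logo.png">
<form action="/session" method="post"><input type="password" name="pw"></form>"""

for finding in audit(SAMPLE_URL, SAMPLE_HTML):
    print(*finding)
```

An "active" finding on a page with a password field is the case the thread is concerned with; the scheme-relative `//cdn.example/ui.js` inherits https from the page and is not reported.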
