An Introduction to NoScript
If you’ve been sleeping through the past weekend, you probably haven’t heard about “Mikeyy” and the Cross-Site Scripting worms which have been plaguing Twitter. Saving ranting and rhetoric for a separate post, an ethical reaction to this is to attempt to educate people as to how they can protect themselves from things like this in the future. Since I am often extolling the virtues of NoScript, and routinely suggest it as a countermeasure, I figured this would be a good time to write up a tutorial on the subject (and I’ve gotten several requests for it as well). NoScript …
Synchronicity?
I managed to make it to the informal #novasecluncheon meetup in DC today. A conversation topic was Rob Fuller and Rafal Los’ recent run-ins with an insecurely configured tinyurl (which was picked up by the media). Discussion also followed about the issues with a site being owned (bad enough) with the exponential implications of problems going through that site (much worse). Once everyone gets done with lunch and back to their routine, what do we see? It appears that someone has managed to XSS Twitter successfully. Is that timing, or what? I’ve been meaning to save this up for another …
