More than ever time to install NoScript in firefox or flock browser!

Hi malware fighters and blockers of malicious scripts,

As others have experienced a rapidly growing increase of respectable trusted sites being injected with malicious script via SQL injections and so-called iFrame hacks, the use of a script blocking extension like NoScript is no luxury anymore, even will the avast shield protects the browser user also from connecting to these threats.
Therefore I placed the following posting on the official NoScript webforum:

The web seems to be teaming with so-called malicious SQL-injections and iFrame hacks, and all these were found to be on respectable trusted sites that were being hacked apparently for malicious purposes. Here is information about this malware: http://www.microsoft.com/security/porta ... director.H In general about these SQL-injecting threats see: http://blogs.technet.com/antimalware/ As a malware fighter at the avast web-forum we saw a definite increase of people that mention to be victims of this kind of malware or site with malicious obfuscated script that is being flagged. So I think a situation is now being created that using a web-browser without script blocking is no longer feasible. I know I hold an extreme view, but I think we are rapidly getting to this situation now where users without good protection inside browsers are leaving the Internet because of mentioned threat frustrating their online experience. For just a couple of examples of mentioned threats look here: http://forum.avast.com/index.php?topic=44728.0 http://forum.avast.com/index.php?topic=44700.0 http://forum.avast.com/index.php?topic=44702.0 http://forum.avast.com/index.php?topic=44735.0 http://forum.avast.com/index.php?topic=44703.0 And so we can go on and on and on, so keep your NoScript visors up, my friends,

polonus

So many it is hard to keep up with the new topics about them, there was a rash of them about a month ago and then it quietened down, but now they are back with a vengeance.

I would hate to be a non-avast user as it is one of the very few that even checks for this. Unless you are using firefox with NoScript and iframes blocked (not a default setting I believe?).

Hi DavidR,

Yes you can make this setting in Options - Plugins, but you are always protected with NoScrip against malicious iFrames because these running outside the borders and the domain that you allowed are being blocked on all occasions by default, as Giorgio Maone the maker of the extension asserted me. It blocks every object from a site marked as untrusted, and that is tagged in Options by default.

polonus

But I’m talking about NoScript (not the firefox plugins option) a iframe is treated differently to scripts by NoScript and I guess that is why it needs to be there as and option, if it were treated the same as scripts then the option wouldn’t be necessary. So if Giorgio Maone assures you it blocks all objects in an untrusted site (see below) then why the option as it seems redundant.

Untrusted sites (in my mind) are somewhat different to sites that you arrive at during the course of browsing, they are effectively unclassified, neither Allowed or Untrusted as you have to select those options.

What I’m saying is that this option isn’t enabled/checked by default. So your punter with NoScript would be unaware that they aren’t protected or even that the option exists.