Firefox Aims to Unplug Scripting Attacks

How websites can block code from unknown sources.

Sites that rely on user-created content can unwittingly be employed to attack their own users via JavaScript and other common forms of Web code. This security issue, known as cross-site scripting (XSS), can, for example, allow an attacker to access a victim’s account and steal personal data.

Now the makers of the Firefox Web browser plan to adopt a strategy to help block the attacks. The technology, called Content Security Policy (CSP), will let a website’s owner specify what Internet domains are allowed to host the scripts that run on its pages.

“In this case, they are not creating a new technology alternative to HTML, nor protecting the user against an existing problem,” says Eduardo Vela, an independent security researcher who will talk about XSS attacks at next month’s Black Hat security conference, in Las Vegas. “They are actually removing the features in HTML that allowed these problems in the first place.”

How to Surf the Web Anonymously with Proxies

One of the easiest ways to hide your computer, and thus hide you, while on the web is to use proxies. A proxy acts as a computer between you and the rest of the web. When you are surfing the web through a proxy, any web server you connect to actually thinks you are connecting from the proxy computer. You can, for instance, connect to the web through a proxy in Japan even though you could be in the United States. Any web server you connect to will think you are connecting from Japan, and would direct you to a Japanese version of its web page (if a Japanese version were available).