Notice to mariners: starting with NoScript version 188.8.131.52 (ATM still a RC) and next version of FlashGot (184.108.40.206, most likely) the packages (XPIs) of my Firefox add-ons won’t be signed anymore.
Almost no other Firefox extension gets signed these days (NoScript and FlashGot had been among the earliest and few for a long time), and AMO being the only authorized repository you can install the add-on from by default, there’s little or no point in keeping the relatively expensive and clunky signature machinery in place.
You probably noticed AMO lags quite a lot behind stable versions. That’s because the editorial staff manually checks every line of code published as “stable” for security issues and known performance problems. Therefore, if you’d like to always run the latest and safest (a good idea for a security tool like NoScript), you may want to switch to the fast lane, i.e. the automatically up-to-date beta channel, by installing 220.127.116.11rc1 now.
Posted by: Giorgio in Mozilla, Security, NoScript
Maybe you haven’t noticed yet (and I admit it’s not an exceedingly discoverable thing), but for a long time now NoScript has offered a “Security and Privacy Info” page.
This feature is meant to help you assess the trustworthiness of any web site shown in your NoScript menu.
You can access this service by middle-clicking or shift-clicking the relevant menu item.
Furthermore, power users can customize it by changing the value of their noscript.siteInfoProvider about:config preference to any URL template of their choice.
Posted by: Giorgio in Personal, Mozilla
Annuntio vobis gaudium magnum:
Eminentissimum ac reverendissimum Dominum,
Dominum Albertum Maonem,
Qui sibi nomen imposuit Einstenium.
No kidding, this is what I’ve been shown this afternoon by Unicredit’s payment processor when I was trying to make a payment with my own credit card (which, incidentally, is itself fed by a Unicredit bank account) on behalf of my sister:
Of course, there’s always a lot to learn from a big fat financial institution about information security…
NSA++ (NoScript Anywhere Plus Plus, or NoScript 3.5 alpha for Android Native) has been in the works for a while now, and it’s finally ready for prime time, thanks also to the continuous help of the NLNet Foundation.
Even if it’s not as complete as its legacy Electrolysis-orphaned obsolete predecessor (NSA, designed for the now discontinued XUL Fennec, AKA Firefox 4 Mobile) yet, NSA++ already provides the best security you can get in any mobile browser: beside its trademark flexible script blocking facility, it features the first ever and still strongest XSS filter available, plus partial but functional portings of the unique ClearClick anti-Clickjacking technology and ABE’s firewall/LAN CSRF protection.
You can read more or try it with a recent Firefox Nightly (mobile or desktop, too!) on the NSA project page.