Comments on: al_9x Was Right, My Router Is Safe

By: شات صوتي

شات صوتي — Thu, 28 Oct 2010 20:47:57 +0000

> my own home router had been vulnerable as well

By: Mark

Mark — Sat, 04 Sep 2010 23:56:33 +0000

I’m glad I ran across this post - the original exploit had me worried. Glad, first, to find that I’m not the only one who took this seriously, and second, to find that there is a counter to it.

By: Peter

Peter — Tue, 10 Aug 2010 20:52:08 +0000

@ Keith G

Maybe you’re having a wrong/bad router :-) My router only support’s Windows or Linux with Firefox incl. noscript and nothing else ;-)

By: Giorgio

Giorgio — Fri, 06 Aug 2010 19:55:48 +0000

@Keith G:
In fact, I never said that NoScript “fixes” your router.
I just said that MY router is safe, since I browse the web only with Firefox + NoScript :)

By: Keith G

Keith G — Fri, 06 Aug 2010 16:47:22 +0000

@Giorgio:
@Hänsel Würstchen makes a valid point that the security vulnerability existing in the router is NOT fixed by NoScript. NoScript is only able to prevent your browser exploiting the vulnerability. But when your mother-in-law comes to stay and plugs her laptop running IE into your network, the routers vulnerability becomes a problem again, and there’s nothing you can do about it.

By: Giorgio

Giorgio — Mon, 02 Aug 2010 21:53:12 +0000

@Hänsel Würstchen:
Let me disagree. The issue at hand (which may be rectified by a firmware upgrade or, in some cases, specific firewall rules) is not a vulnerability per se, but it does become a vulnerability as soon as my web browser acts as a “proxy” between the internet and my LAN.
Therefore if I browse the web only with Firefox + NoScript my router is safe, as the title says.
This doesn’t mean that as soon as a firmware upgrade is available I will refuse to install it ;)

By: Hänsel Würstchen

Hänsel Würstchen — Mon, 02 Aug 2010 18:01:22 +0000

> my own home router had been vulnerable as well

Please excuse my smartarseness, but I would argue that your home router is still vulnerable and you are now merely protected against attacks against your router utilising your Firefox installation.
I value NoScript and I am happy about this feature but protecting silly home routers is nothing NoScript will ever be able to reliably achieve. Therefore you should make clear that this is only some sort of workaround for an issue which in most cases can only be fixed with a firmware upgrade.
Thank you.

By: FirefoxFan

FirefoxFan — Mon, 02 Aug 2010 09:56:39 +0000

@frank goossens
Best and least disruptive protection would be if Firefox shipped with these additional features as default prefs, with the more user-troublesome ones exposed in the Firefox gui and the more dangerous ones kept under the hood.
But that would mean Mozilla committing actual funds and staff to handing back a lot more control of the browser to the user than the Web wants them to..because the Web wants the lazy path to get at people’s money and wants users to remain nice and ignorant about just how many holes most Web pages contain.
http://hackademix.net/2008/01/12/malware-20-is-now/

Just saying :-) I’m pleased that Mozilla remain committed to the anarchy of Firefox overall. It could have been so much worse when they went corporate.

By: frank goossens

frank goossens — Mon, 02 Aug 2010 08:07:25 +0000

Noscript with "Allow script globally (dangerous)" indeed offers great non-disruptive protection, I have it installed on my wife’s and father-in-law’s PC’s that way.

So wouldn’t it be great if there was alternative version of noscript that came with a minimal UI and non-script-blocking out of the box, aimed at non-techie users? call it "Secure browsing" & start protecting the non-geeky masses (even if not as thorough as in blocking mode)? :)