05 11 2012 Giorgio in Italy, Personal, Mozilla, Security
No kidding, this is what I’ve been shown this afternoon by Unicredit’s payment processor when I was trying to make a payment with my own credit card (which, incidentally, is itself fed by a Unicredit bank account) on behalf of my sister:
04 11 2012 Giorgio in Clickjacking, Mobile, CSRF, XSS, Security, Mozilla, NoScript
NSA++ (NoScript Anywhere Plus Plus, or NoScript 3.5 alpha for Android Native) has been in the works for a while now, and it’s finally ready for prime time, thanks also to the continuous help of the NLNet Foundation.
Even if it’s not yet as complete as its predecessor NSA (the legacy version, orphaned by Electrolysis and designed for the now discontinued XUL-based Fennec, AKA Firefox 4 Mobile), NSA++ already provides the best security you can get in any mobile browser: besides its trademark flexible script-blocking facility, it features the first ever, and still the strongest, XSS filter available, plus partial but functional ports of the unique ClearClick anti-clickjacking technology and of ABE’s firewall/LAN CSRF protection.
Answering yesterday’s <Glazblog/> post: here’s your WYSIWYP (What You See Is What You Print) bookmarklet, to be dragged onto your bookmarks bar and used as an alternate Print button which strips away all the printer-specific styles and restores them after printing.
Tried on Firefox only, it’s likely buggy as hell: the W3C FAQ page comes out fine and dandy, complete with its logo and all, but the ERCIM page looks remarkably ugly. Anyway I’m confident my audience can amend and give back :)
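For readers who want to amend rather than guess, here is an added example of the core a WYSIWYP bookmarklet needs; it is not the bookmarklet linked in the post. It assumes the CSSOM as Firefox and Chromium implement it: `link`/`style` elements reflect their `media` attribute, `@media` and `@import` rules expose a writable `media.mediaText`, and reading `cssRules` on a cross-origin sheet throws (such sheets are skipped). Print-only media lists are rewritten to `not all` (a valid query that never matches) and screen-only ones to `all`, so the page prints with the styles you see; everything is restored after `window.print()` returns.

```javascript
// WYSIWYP core: print a page with the styles you see on screen.
// Added example, not the bookmarklet from the post. Assumes the CSSOM as
// implemented in Firefox/Chromium (see the lead-in above).

// Rewrite one media query: print-only queries must never match, screen-only
// queries must match on paper too. Conditions after the type are preserved,
// so "screen and (max-width: 600px)" stays responsive on the printout.
function retargetQuery(q) {
  const query = q.trim();
  if (/^not\s+print\b/i.test(query)) return "all";          // "not print" now covers print
  if (/^(only\s+)?print\b/i.test(query)) return "not all";  // valid CSS3 query that never matches
  if (/^not\s+screen\b/i.test(query)) return "not all";
  return query.replace(/^(only\s+)?screen\b/i, "all");
}

// Rewrite a comma-separated media list; null means "leave untouched".
function retargetMedia(mediaText) {
  if (!mediaText || !mediaText.trim()) return null;         // empty list already means "all"
  const out = mediaText.split(",").map(retargetQuery).join(", ");
  return out === mediaText ? null : out;
}

// Walk every stylesheet, @import and @media rule; return undo closures.
function retargetStyles(styleSheets) {
  const undo = [];
  function setMedia(node, text) {
    const el = node.ownerNode;                  // top-level <link>/<style>: edit the attribute
    if (el && typeof el.getAttribute === "function") {
      const before = el.getAttribute("media");
      if (before !== null) {
        el.setAttribute("media", text);
        undo.push(() => el.setAttribute("media", before));
      }
      return;
    }
    const ml = node.media;                      // CSSMediaRule / CSSImportRule / inline sheet
    if (ml && typeof ml.mediaText === "string") {
      const before = ml.mediaText;
      ml.mediaText = text;
      undo.push(() => { ml.mediaText = before; });
    }
  }
  function visit(node) {
    const el = node.ownerNode;
    const current = el && typeof el.getAttribute === "function"
      ? el.getAttribute("media")
      : (node.media ? node.media.mediaText : null);
    const next = current === null ? null : retargetMedia(current);
    if (next !== null) setMedia(node, next);
    if (node.styleSheet) visit(node.styleSheet); // @import pulls in a whole sheet
    let rules;
    try { rules = node.cssRules; } catch (e) { return; } // cross-origin: cannot inspect
    if (rules) for (const rule of Array.from(rules)) visit(rule);
  }
  for (const sheet of Array.from(styleSheets)) visit(sheet);
  return undo;
}

// Entry point for the bookmarklet: rewrite, print, restore (even on error).
// window.print() blocks in Firefox while the dialog is open, so restoring
// right after it returns is safe there; other engines may need onafterprint.
function printWithScreenStyles(doc, win) {
  const undo = retargetStyles(doc.styleSheets);
  try {
    win.print();
  } finally {
    undo.reverse().forEach(f => f());
  }
  return undo.length;                          // how many media lists were touched
}

// Bookmarklet form: wrap the functions above in
// javascript:(function(){ ...; printWithScreenStyles(document, window); })()
```

Editing the element's `media` attribute for top-level sheets, rather than `sheet.media.mediaText`, is deliberate: the attribute is reflected into the effective media list in every engine, while writes to a linked sheet's `MediaList` have historically not been.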
As promised, I refined the AntiGareth bookmarklet I introduced yesterday by making it aim precisely at those Unicode code points (mostly combining characters) which are found to bleed vertically by this canvas-based scanner.
Warning: I’m hosting the scanner on evil.hackademix.net because it amounts to a quite effective DoS attack against your CPU, especially on Firefox (which, on the other hand, finds many more “overbleeders” than Chrome): you’ll probably want to click the “STOP” button after \u20d2. Could anybody explain the awful speed difference, by the way?
However, I’m sure the script can be improved, both accuracy- and performance-wise, hence patches and forks are welcome. Enjoy :)
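As an added example of how such a canvas-based scan and its AntiGareth-style filter can be structured (this is not the scanner or bookmarklet hosted on hackademix.net): the pixel scan and the bleed arithmetic are pure functions, so they run anywhere; `measureInCanvas` is the browser-only part and assumes a 2D canvas context with `getImageData`, a 32px serif font and a 40px line box, all of which are approximations chosen here for illustration. A time budget is built into the range scan so it can be resumed instead of hogging the CPU, and the filter replaces known overbleeders with U+FFFD while leaving harmless combining marks alone.

```javascript
// Vertical-bleed scanner core plus an AntiGareth-style filter.
// Added example, not the post's scanner. Browser-only parts are marked.

// Ink extent of an RGBA buffer: first and last row holding any opaque pixel.
function inkExtent(rgba, width, height) {
  let top = -1, bottom = -1;
  for (let y = 0; y < height; y++) {
    for (let x = 0; x < width; x++) {
      if (rgba[(y * width + x) * 4 + 3] !== 0) {   // alpha channel
        if (top < 0) top = y;
        bottom = y;
        break;
      }
    }
  }
  return top < 0 ? null : { top, bottom };         // null: the glyph drew nothing
}

// A glyph "bleeds" when its ink escapes the line box it was laid out in.
function bleed(extent, lineTop, lineBottom) {
  if (!extent) return { above: 0, below: 0 };
  return {
    above: Math.max(0, lineTop - extent.top),
    below: Math.max(0, extent.bottom - lineBottom),
  };
}

// Browser-only (assumed canvas 2D API): draw U+cp attached to a base letter in
// a canvas three line boxes tall and report how far its ink leaks out of the
// middle box. Font size / line height are illustrative values, not the post's.
function measureInCanvas(ctx, cp, fontPx = 32, lineHeight = 40, width = 64) {
  const height = lineHeight * 3;
  ctx.canvas.width = width; ctx.canvas.height = height;
  ctx.clearRect(0, 0, width, height);
  ctx.font = `${fontPx}px serif`;
  ctx.textBaseline = "alphabetic";
  // "a" has no ascender/descender, so the base letter itself stays in the box
  ctx.fillText("a" + String.fromCodePoint(cp), 8, lineHeight + Math.round(fontPx * 0.75));
  const extent = inkExtent(ctx.getImageData(0, 0, width, height).data, width, height);
  return bleed(extent, lineHeight, 2 * lineHeight - 1);
}

// Scan a code point range through a measure callback and collect overbleeders.
// budgetMs caps the work per call; returns { found, next } where next is the
// first unscanned code point (null when done), so the scan can be resumed.
function scanRange(first, last, measure, budgetMs = Infinity, now = Date.now) {
  const found = [];
  const start = now();
  let cp = first;
  for (; cp <= last; cp++) {
    const b = measure(cp);
    if (b.above > 0 || b.below > 0) found.push({ cp, above: b.above, below: b.below });
    if (now() - start > budgetMs) { cp++; break; }
  }
  return { found, next: cp > last ? null : cp };
}

// AntiGareth-style filter: neutralise known overbleeders in untrusted text by
// replacing them with U+FFFD, keeping everything else (harmless marks included).
function stripOverbleeders(text, overbleeders) {
  let out = "";
  for (const ch of text) {                        // iterates by code point, not UTF-16 unit
    out += overbleeders.has(ch.codePointAt(0)) ? "\uFFFD" : ch;
  }
  return out;
}

// Browser usage (not run here): resume the scan from where the last call stopped.
// const ctx = document.createElement("canvas").getContext("2d");
// let state = { next: 0x0300 };
// while (state.next !== null) state = scanRange(state.next, 0x036F, cp => measureInCanvas(ctx, cp), 50);
```

The scan is chunked on purpose: a bookmarklet that walks tens of thousands of code points in one synchronous loop is exactly the CPU DoS the post warns about, and a resumable `next` lets the page yield between chunks.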