hackademix.net

Firefox's Immune System

IE's XSS Filter Creates XSS Vulnerabilities

5 Responses to “PayPal is Safer with NoScript”

1. #1 Alan Baxter says:
   November 7th, 2009 at 7:38 pm

   Does it hurt anything if I to continue to force *.paypal.com using the NoScript Force HTTPS facility while never forcing email*.paypal.com?

2. #2 GµårÐïåñ says:
   November 7th, 2009 at 10:35 pm

   Well despite the fact that PayPal totally sucks and I hate having to deal with them at all, it is good news that at least with NoScript they are safer to use. I would still be interested to know about what Alan asked, is it a replacement (or redundant) to using Force HTTPS or can they be used in conjunction? If so, will they cause any issues?

3. #3 Giorgio says:
   November 8th, 2009 at 12:33 am

   @Alan Baxter:
   No, using the NoScript Options|Advanced|HTTPS stuff doesn't hurt anything on STS-enabled sites.

   Actually, the "normal" (user-driven) HTTPS-enforcing NoScript features can be used to customize STS: for instance, the "never force HTTPS" list does affect STS, allowing you to state user-driven exceptions to the server-driven enforcement.

4. #4 PayPal is Safer with NoScript [ hackademix.net ] says:
   November 8th, 2009 at 1:46 am

   [...] PayPal is Safer with NoScript Found 2 hours, 14 minutes ago Strict Transport Security STS has gone live on PayPal yesterday STS is a simple yet effective system for web sites requiring high safety levels eg payment gateways or financial institutions to force HTTPS connections on every request originated by supporting browsers It is currently supported by NoScript Chrome 4 beta and Sid Stamm8217s Force TLS Together with NoScript8217s From: hackademix.net [...]

5. #5 uberVU - social comments says:
   November 22nd, 2009 at 10:54 pm

   Social comments and analytics for this post

   This post was mentioned on Twitter by planetmozilla: Giorgio Maone: PayPal is Safer with NoScript: Strict Transport Security (STS) has gone live on PayPal yesterday.. http://bit.ly/3YqKe2