Noscript promotes Malware?

Chat about just about anything else
User avatar
chrisuk
Level 5
Level 5
Posts: 592
Joined: Thu Jun 12, 2008 6:16 am

Noscript promotes Malware?

Post by chrisuk »

From last year, but I can't find mention of it in the forums:

https://liltinkerer.surge.sh/noscript.html

Thoughts?
Chris

Manjaro MATE - MX Linux - LMDE MATE
User avatar
majpooper
Level 6
Level 6
Posts: 1250
Joined: Thu May 09, 2013 1:56 pm
Location: North Carolina, USA

Re: Noscript promotes Malware?

Post by majpooper »

Interesting - several folks have recommended NoScript on this forum in the past.
You really have to be careful about what extensions you add to your browser.
So far I have been lucky, I hope anyway.
I only have a few extensions on FireFox ( Lastpass for my password vault, HTTPS Everywhere, uBlock and Privacy Badger). I run FF in firejail and blacklisted everything including /media except for Downloads. Sometimes I have to take an extra step or two to move things around or open up a link from Thunderbird (also in firejail) but I am used to it and everything is locked down - or at least I live that illusion.
User avatar
Fred Barclay
Level 12
Level 12
Posts: 4221
Joined: Sat Sep 13, 2014 11:12 am
Location: USA primarily

Re: Noscript promotes Malware?

Post by Fred Barclay »

Hmm... but a well-known, former NSA and CIA contractor who used to live in Hawaii and now resides in Moscow apparently recommended NoScript. The Tor Browser Bundle also comes with NoScript. :?

I'll be following this with quite some interest - I've been using NoScript for quite some time now!
Image
"Once you can accept the universe as matter expanding into nothing that is something, wearing stripes with plaid comes easy."
- Albert Einstein
User avatar
Moem
Level 20
Level 20
Posts: 11415
Joined: Tue Nov 17, 2015 9:14 am
Location: The Netherlands
Contact:

Re: Noscript promotes Malware?

Post by Moem »

Fred Barclay wrote:I'll be following this with quite some interest - I've been using NoScript for quite some time now!
You and me, both.
Image

If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!
User avatar
Schultz
Level 7
Level 7
Posts: 1956
Joined: Thu Feb 25, 2016 8:57 pm

Re: Noscript promotes Malware?

Post by Schultz »

My first thought after reading the article is, if this came out a year ago, why am I just hearing about it now? Usually things like this cause massive outrage and backlash. I'm a little skeptical, but also a little concerned.
stereo555
Level 1
Level 1
Posts: 28
Joined: Sat Apr 02, 2016 12:27 pm

Re: Noscript promotes Malware?

Post by stereo555 »

There is one comment under that article, and a quote from that comment is "Good news is that on 04/05/2009 Giorgio (Noscript author ) released statement where he deeply apologized for his actions". Sounds to me like the original article is at least eight years old and someone dug that up and possibly reposted it in 2016. I'd be very surprised if there were issues with current versions of NoScript.
User avatar
Schultz
Level 7
Level 7
Posts: 1956
Joined: Thu Feb 25, 2016 8:57 pm

Re: Noscript promotes Malware?

Post by Schultz »

What comment? I don't see any.

EDIT:
Never mind, it was being blocked by NoScript. :) Looks like there's no story here, folks. My first though was correct.
User avatar
chrisuk
Level 5
Level 5
Posts: 592
Joined: Thu Jun 12, 2008 6:16 am

Re: Noscript promotes Malware?

Post by chrisuk »

The comments being referred to are about messing with Adblock Plus in 2009... this story is about what the developer is/was still doing in 2016. I don't have any Windows boxes here, I'd be interested in what Windows users see on the Noscript website.

(@Shultz: Please read the whole article, including the date, before giving false reassurance to people... there are no comments below the article I posted. This is a story until someone posts facts disputing it... not conjecture.)

I have used Noscript for years, but I changed to uMatrix a while ago - I am keen that someone disputes the story about Noscript, as I know Windows users that still use it.
Chris

Manjaro MATE - MX Linux - LMDE MATE
User avatar
Faust
Level 5
Level 5
Posts: 500
Joined: Thu Jul 14, 2016 3:40 am

Re: Noscript promotes Malware?

Post by Faust »

Moem wrote:
Fred Barclay wrote:I'll be following this with quite some interest - I've been using NoScript for quite some time now!
You and me, both.
I also have been using NoScript for many years without any problems , so this thread got my full attention .

That article is indeed a repost from an earlier one ( the text is lifted directly ; only the presentation is different ) .
It does appear from the tone of it as if the author has "an axe to grind " .

On the more general aspects of extensions being open to malicious activity , there is a good article here concerning
" extension-reuse vulnerability" , and NoScript is mentioned specifically :-

https://www.theregister.co.uk/2016/04/0 ... efab_tool/

to quote :-
" .... the extension framework really is a backdoor for potentially untrusted third parties to run code in a highly-privileged context,
....We really shouldn't have trust in the extension authors. "


@chrisuk
I have a Windows 7 machine here and can post a screenshot if you let me know which part of the NoScript site you'd like to see .
Last edited by Faust on Mon Aug 21, 2017 3:14 am, edited 1 time in total.
" And so it goes " - Kurt Vonnegut
The modern reality and the satirical parody are rapidly converging .
User avatar
chrisuk
Level 5
Level 5
Posts: 592
Joined: Thu Jun 12, 2008 6:16 am

Re: Noscript promotes Malware?

Post by chrisuk »

Faust wrote:
Moem wrote:
Fred Barclay wrote:I'll be following this with quite some interest - I've been using NoScript for quite some time now!
You and me, both.
I also have been using NoScript for many years without any problems , so this thread got my full attention .

That article is indeed a repost from an earlier one ( the text is lifted directly ; only the presentation is different ) .
It does appear from the tone of it as if the author has "an axe to grind " .

On the more general aspects of extensions being open to malicious activity , there is a good article here concerning
" extension-reuse vulnerability" , and NoScript is mentioned specifically :-

https://www.theregister.co.uk/2016/04/0 ... efab_tool/

to quote :-
" .... the extension framework really is a backdoor for potentially untrusted third parties to run code in a highly-privileged context,
....We really shouldn't have trust in the extension authors. "


.
Could you post a link to the "original" article that mentions the Malware on the Noscript website please? The one that the text was "lifted" from. As I see no mention of this in the 2009 Adblock article... but it's early here ;)
Faust wrote:[@chrisuk
I have a Windows 7 machine here and can post a screenshot if you let me know which part of the NoScript site you'd like to see .
The part illustrated in the screenshot in the article I linked to, I guess. I might setup a VM and explore the developer's website with Windows XP.
Chris

Manjaro MATE - MX Linux - LMDE MATE
User avatar
catweazel
Level 19
Level 19
Posts: 9885
Joined: Fri Oct 12, 2012 9:44 pm
Location: Australian Antarctic Territory

Re: Noscript promotes Malware?

Post by catweazel »

Schultz wrote:My first thought after reading the article is, if this came out a year ago, why am I just hearing about it now? Usually things like this cause massive outrage and backlash. I'm a little skeptical, but also a little concerned.
My first thought is it's the ravings of a lunatic.
"There is, ultimately, only one truth -- cogito, ergo sum -- everything else is an assumption." - Me, my swansong.
User avatar
Faust
Level 5
Level 5
Posts: 500
Joined: Thu Jul 14, 2016 3:40 am

Re: Noscript promotes Malware?

Post by Faust »

@chrisuk

Correction :

I've just found the article I mentioned , and it is later , by a few months
.... brain fart here , sorry !

http://leonardomusumeci.net/en/2016/10/ ... e-malware/

On a W7 machine :-

I can't see anything that immediately appears alien
Privacy Badger shows two tracking cookies on the NoScript site

api.flattr(dot)com
button.flattr(dot)com

uBlockO shows flattr(dot)com

screenshot :-
NoScript.png
" And so it goes " - Kurt Vonnegut
The modern reality and the satirical parody are rapidly converging .
User avatar
killer de bug
Level 14
Level 14
Posts: 5399
Joined: Tue Jul 08, 2008 1:49 pm
Location: Leuven, Belgium

Re: Noscript promotes Malware?

Post by killer de bug »

The author of this article is developing ad-blocking scripts. They are defeated by NoScript. Conflict of interest you said?

The best way to describe this story:
After reading the article, it seems like the title should be Malware Delivery Networks (aka ADNs) are harmful and distribute malware.

Which isn't a novel discovery at all. Non-static adverts, especially if distributed from a third-party, are very risky and they should always be blocked on security grounds alone. You can blame the NoScript developer for using ADNs, but you should blame anyone who uses ADNs.

https://www.reddit.com/r/linux/comments ... s_malware/
If it ain't broke, fix it until it is.
User avatar
Schultz
Level 7
Level 7
Posts: 1956
Joined: Thu Feb 25, 2016 8:57 pm

Re: Noscript promotes Malware?

Post by Schultz »

chrisuk wrote:
(@Shultz: Please read the whole article, including the date, before giving false reassurance to people... there are no comments below the article I posted. This is a story until someone posts facts disputing it... not conjecture.)
The reddit link killer de bug posted seems to confirm my reassurances.

https://www.reddit.com/r/linux/comments ... s_malware/
Penn
Level 5
Level 5
Posts: 752
Joined: Tue Jun 10, 2014 1:12 pm

Re: Noscript promotes Malware?

Post by Penn »

chrisuk wrote:This is a story until someone posts facts disputing it... not conjecture.
I notice a lot of people think conjecture and facts are the same thing on the internet. Before there were even replies to this thread I dug a little deeper.

More than 8 years ago the writer of Noscript was criticized for multiple things including whitelisting, by default, his own site which had content Noscript was designed to block (unless you whitelist it) and more than one person found malware in those whitelisted advertisements. The appearance is the "article" is from last year and the author of the article referenced past behaviors including what happened 8 years ago. 8 years ago the Noscript author apologized for multiple indiscretions so the comment was more recent but the apology was long ago (or at least it appears so and I agree with Chris, until evidence is presented otherwise the appearance is how it is).

As for the current, it appears the author of the article claims those ads are still a threat since when you update Noscript the homepage opens (common practice when updating apps or addons) and all advertisements are whitelisted.

I vaguely remember Noscript and other addons being exposed as vectors of attack, by way of the the format Mozillas addons are written, right here on this board some time ago but I think that was fixed. Sandboxing was also shown to be a possible vector at one time but I believe that was fixed too.
Penn
Level 5
Level 5
Posts: 752
Joined: Tue Jun 10, 2014 1:12 pm

Re: Noscript promotes Malware?

Post by Penn »

Fred Barclay wrote:Hmm... but a well-known, former NSA and CIA contractor who used to live in Hawaii and now resides in Moscow apparently recommended NoScript. The Tor Browser Bundle also comes with NoScript. :?

I'll be following this with quite some interest - I've been using NoScript for quite some time now!
A contractor for the intelligence agencies that have now been proven to have hacking tools for all OSs and browsers recommends Noscript? Noscript is used by Tor which was itself conceived by and partially developed by governmental intelligence agencies?

Yeah, that is reassurance.
User avatar
Schultz
Level 7
Level 7
Posts: 1956
Joined: Thu Feb 25, 2016 8:57 pm

Re: Noscript promotes Malware?

Post by Schultz »

chrisuk wrote:
@Shultz: Please read the whole article, including the date, before giving false reassurance to people... there are no comments below the article I posted.
I hate being called a liar. :x Proof below. And I did read the date, it says 06 Jun 2016. That's why I wrote "if this came out a year ago." Actually it's over 14 months ago.
Untitled.jpg
User avatar
chrisuk
Level 5
Level 5
Posts: 592
Joined: Thu Jun 12, 2008 6:16 am

Re: Noscript promotes Malware?

Post by chrisuk »

Schultz wrote:
chrisuk wrote:
@Shultz: Please read the whole article, including the date, before giving false reassurance to people... there are no comments below the article I posted.
I hate being called a liar. :x Proof below. And I did read the date, it says 06 Jun 2016. That's why I wrote "if this came out a year ago." Actually it's over 14 months ago.

Untitled.jpg
You've done it again, you've seen what you want to see and not what's there... That comment (which I don't see in my browser, is referring to the Adblock code in 2009, NOT the Uniblue Malware that was on the Noscript website in 2016.

This isn't the first time that you've apparently skimmed through text and rushed to comment: you falsely attributed a quote to me a few weeks ago (I won't link to the thread, you know you did it and the posters that followed know too, yet you neither admitted your mistake nor retracted the false allegation), when in fact I was responding to another user's post by quoting that user. I can't think of a good reason to engage in any further discussion with you on this or any future subject.
Chris

Manjaro MATE - MX Linux - LMDE MATE
User avatar
Schultz
Level 7
Level 7
Posts: 1956
Joined: Thu Feb 25, 2016 8:57 pm

Re: Noscript promotes Malware?

Post by Schultz »

@chrisuk What date are you talking about? I see the date of the article as 06 Jun 2016. The date of the comment says 5 months ago. Where am I wrong?

As to the other post you're talking about, I don't recall. Are you sure you got the right person? If I'm wrong I'll admit it. But I can't if you don't link to it.

EDIT:
Searched your posts back into May. I don't see anywhere where you and I got into a tiff. Am I missing it or is this a case of mistaken identity? Until you can find the post you're talking about, I think you're the one who needs to apologize for a false accusation.
User avatar
chrisuk
Level 5
Level 5
Posts: 592
Joined: Thu Jun 12, 2008 6:16 am

Re: Noscript promotes Malware?

Post by chrisuk »

Schultz wrote:@chrisuk What date are you talking about? I see the date of the article as 06 Jun 2016. The date of the comment says 5 months ago. Where am I wrong?

As to the other post you're talking about, I don't recall. Are you sure you got the right person? If I'm wrong I'll admit it. But I can't if you don't link to it.

EDIT:
Searched your posts back into May. I don't see anywhere where you and I got into a tiff. Am I missing it or is this a case of mistaken identity? Until you can find the post you're talking about, I think you're the one who needs to apologize for a false accusation.
I couldn't find the thread, maybe it was deleted, but no matter, Google saves everything: here's the thread with your post that I described from Google's cache... read the whole thread and you'll see that I've nothing to apologise for, you OTOH...

https://webcache.googleusercontent.com/ ... p?t=249644

(I'm done with this now)
Chris

Manjaro MATE - MX Linux - LMDE MATE
Locked

Return to “Open chat”