Site to See: NoScript

By John Wagley
Web surfing can expose users to attacks from executable content. Cross-site scripting attacks, which can inject malware into visitors’ browsers, are increasingly common. But the NoScript add-on can block Java and other potentially dangerous executables from downloading without user permission.
 The tool takes some getting used to as users must accept frequently visited domains and individual Web pages. Permission can be granted temporarily or indefinitely. (A relatively new feature permits the automatic trusting of domains listed in browser bookmarks). It is possible, of course, that malicious scripts can run on trusted sites. In most cases, however, the dangerous scripts are hosted on a separate (untrusted) domain. Check out this month’s site to see.




The Magazine — Past Issues


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.