[LINK] 'perfect storm of trusted website abuse'
Craig Sanders
cas at taz.net.au
Sat Feb 28 10:13:24 AEDT 2009

On Fri, Feb 27, 2009 at 05:12:51AM +0000, stephen at melbpc.org.au wrote:
> All of the sites mentioned need to take aggressive steps against these
> actions. Google needs to make some adjustments to its crawlers, Facebook
> needs to start verifying and approving third party apps, Twitter needs to
> start requiring valid email addresses, and users should be wary of
> shortened URLs supplied by strangers.

or, and here's a novel idea, DON'T LET WEB SITES RUN CODE ON YOUR
COMPUTER JUST BECAUSE YOU VISIT THE SITE.

firefox's NoScript plugin in default "forbid js, flash, java etc until i
explicitly allow it" mode does the job here.

you won't be 100% safe because you can still be tricked into allowing
a site to run scripts, but you WILL be safe from having your computer
hijacked just because you visit a site.

i.e. similar to the recommended best practice for setting up a firewall:
forbid everything by default, allow only those things that you know you
need, and add to the allow list as you find you need to.

craig
--
craig sanders <cas at taz.net.au>