[LINK] 'perfect storm of trusted website abuse'

Craig Sanders cas at taz.net.au
Sat Feb 28 10:13:24 AEDT 2009


On Fri, Feb 27, 2009 at 05:12:51AM +0000, stephen at melbpc.org.au wrote:
> All of the sites mentioned need to take aggressive steps against these 
> actions. Google needs to make some adjustments to its crawlers, Facebook 
> needs to start verifying and approving third party apps, Twitter needs to 
> start requiring valid email addresses, and users should be wary of 
> shortened URLs supplied by strangers.

or, and here's a novel idea, DON'T LET WEB SITES RUN CODE ON YOUR
COMPUTER JUST BECAUSE YOU VISIT THE SITE.

firefox's NoScript plugin in default "forbid js, flash, java etc until i
explicitly allow it" mode does the job here.

you won't be 100% safe because you can still be tricked into allowing
a site to run scripts, but you WILL be safe from having your computer
hijacked just because you visit a site.

i.e. similar to the recommended best practice for setting up a firewall:
forbid everything by default, allow only those things that you know you
need, and add to the allow list as you find you need to.

craig

-- 
craig sanders <cas at taz.net.au>


