POKÉMANIAC SIPH wants to fight! @Siphonay

1 post1 participant0 posts today

**Pedro J. Hdez** @ecosdelfuturo@mstdn.social · 2025-03-04T14:00:00.000Z

Pedro J. Hdez @ecosdelfuturo@mstdn.social

Por eso mismo hace años que siempre tengo instalada la extensión NoScript. Incluso aunque esté deshabilitada globalmente (de otra forma requiere un montón de trabajo de gestión de permisos), te avisa de la ejecución de scripts cruzados que suelen ser los vectores de ataque más probables.

https://cside.dev/blog/thousands-of-websites-hit-by-four-backdoors-in-3rd-party-javascript-attack

Vía @fernand0

c/side · Mar 4Thousands of websites hit by four backdoors in 3rd party JavaScript attackWhile analyzing threats targeting WordPress frameworks, we found an attack where a single 3rd party JavaScript file was used to inject four separate backdoors into 1,000 compromised websites using cdn.csyndication[.]com/.

#NoScript #JavaScript

16h *

**argv minus one** @argv_minus_one@mastodon.sdf.org · Mar 2 *

argv minus one @argv_minus_one@mastodon.sdf.org

@halibut

NoScript, the old Firefox extension? I stopped using it because I started seeing third-party ads and cookies on the #NoScript website. Switched to #uMatrix.

I wish uMatrix was still maintained. It is excellent.

@stemy @davidrevoy @mullvadnet @torproject

Mar 2 *

**zeitgenosse** @zeitgenosse@graz.social · Dec 17, 2024 *

zeitgenosse @zeitgenosse@graz.social

$ pip3 search something
...
RuntimeError: PyPI no longer supports 'pip search' [...]. Please use https://pypi.org/search (via a browser) instead. [...]

Sure, no problem. Let's see …

»JavaScript is disabled in your browser. Please enable JavaScript to proceed.«

Urgh, but okay, #pip is a #Python package manager, they're good guys. Let me just open #NoScript and temporarily allow pypi.org ... oh no, it wants to run #JavaScript from …

ethicalads.io
fastly-insights.com
googletagmanager.com
gstatic.com
statuspage.io

That's what you get after 30 years of using the term #OpenSource instead of #FreeSoftware.

PyPISearch resultsThe Python Package Index (PyPI) is a repository of software for the Python programming language.

Dec 17, 2024 *

**NoScript** @noscript@mastodon.social · Nov 6, 2024

NoScript @noscript@mastodon.social

#NoScript 11.5.x is out (#Firefox & @torproject only)

Main news:

Minimum compatibility bumped from Firefox 59 to 115, allowing for huge code modernization opportunities (11.4.44rc1 is still available for older browsers and #chrome in forced MV2 mode)
Switched NoScript and the NoScript Commons Library to a fully stateless architecture: a major step toward #MV3 compatibility (coming with NoScript 12.0 alpha for #chromium-based browsers later this month)

https://noscript.net/getit

Screenshot of a browser configuring site permissions with NoScript

noscript.netGet it! - NoScript: Own Your Browser!The NoScript Security Suite is Free Software protecting Firefox (on Android, too!), Chrome, Edge, Brave and other web browsers. Install NoScript now!

Nov 6, 2024

**Kevin Karhan** @kkarhan@infosec.space · Oct 26, 2024

Kevin Karhan @kkarhan@infosec.space

@aral @SecurityWriter +9001%

Like #uBlockOrigin (and #NoScript) - the (former) being included in @torproject / #TorBrowser!

Oct 26, 2024

**Kevin Karhan** @kkarhan@infosec.space · Sep 25, 2024

Kevin Karhan @kkarhan@infosec.space

@megmac nodds in agreement

But that would've required @mozilla to actually give a shit and wanting to make #Firefox good, cuz then they'd include #NoScript and #uBlockOrigin as well as default #AddOns!

Sep 25, 2024

**R. L. Dane** @RL_Dane@fosstodon.org · Aug 19, 2024

R. L. Dane @RL_Dane@fosstodon.org

@nuintari

> How the hell did we ever live without:
> tabs in browsers

I remember being forced to use IE6 in the 2000s at work, because infosec didn't approve of firefox (YET). Not only did I have to have a window open for every site (super annoying), the only way to get anything like #NoScript was to have a stupid pop-up show up for *every* page I navigated to asking me if I wanted JS to run.

A lot of my friends just used firefox and other tools they needed via #LupoPenSuite on a thumb drive.

Aug 19, 2024

**Kevin Karhan** @kkarhan@infosec.space · Jul 29, 2024

Kevin Karhan @kkarhan@infosec.space

@hj @radmin @SuperDicq

WHAT ABOUT #THXBYE #EOD IS NOT CLEAR?
https://infosec.space/@kkarhan/112869106970638471
THE WHOLE #ADBLOCKING STUFF LIKE #NoScript SHOULD NOT HAVE A REASON TO EXIST TO BEGIN WITH!
I AVOID THAT SHIT BECAUSE IT IS A NET NEGATIVE TO THE WORLD, LIKE #WINDOWS, AND THUS I WON'T WASTE TIME OR ENERGY HAVING TO CLEANUP DIGITAL FECES FROM MY TRAFFIC AFTER I GOT.IT SHIT ALL OVER THE WEB!!!
THERE IS NO LEGITIMATE REASON FOR #JavaScript WHEN THERE ARE AMPLE OF RICH WEBSITES, ESPECHALLY #OnionServices SHOWING THAT THEY DON'T NEED THAT SHITE!

Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)@hj@shigusegubu.club @radmin@limepeeps.perchinup.top @SuperDicq@minidisc.tokyo Well, no. That assumes I'd install such garbage to begin with! And yes [JS is malware]( https://mastodon.sdf.org/@gnemmi/112869080794988869 )... - There's no reason for something like that to require a fucking app when 25+ years ago a goddamn website would do just fine... But hey go live in the dystopian world where everyone but you is a #TechIlliterate #Zoomer... I've got more pressing things to do than debate bs. #thxbye #next #EOD

#thxbye #eod #adblocking

Jul 29, 2024

**Kevin Karhan** @kkarhan@infosec.space · Jul 8, 2024

Kevin Karhan @kkarhan@infosec.space

@Laberpferd @Natanox

Besonders #WebBrowser sind die Angriffsfläche Nummer eins weil sowas wie #CryptoJacking ist so dermaßen gängig, ich nutze #TorBrowser standardmäßig und wenn ich nen anderen [z.B. #Firefox] nutzen muss, dann nur mit #NoScript scharf und reines #AllowListing...

Ist halt kacke dass es soweit gekommen ist...

https://www.youtube.com/watch?v=vMIZKtVruH8

YouTubeCrypto-jacking - ComputerphileBy Computerphile

Jul 8, 2024

**Kevin Karhan** @kkarhan@infosec.space · May 5, 2024 *

Kevin Karhan @kkarhan@infosec.space

@lamp Ideally this could be a CLI tool and fully automated...

I guess I could build it with like #bash and #curl and ask @fuchsiii for help.

A #CaptivePortalDetector would be a nifty thing for @OS1337 given that none of these #CaptivePortals work on #LynxBrowser, heck most don't even work on @torproject / #TorBrowser or @mozilla #Firefox when one uses #NoScript or @dillo which AFAIK doesn't do #JavaScript or only rudimentary stuff...

May 5, 2024 *

**Kevin Karhan** @kkarhan@infosec.space · Apr 23, 2024

Kevin Karhan @kkarhan@infosec.space

@n3wjack I use #uBlockOrigin + #NoScript, but you can also use @torproject / #TorBrowser which does the same...

Apr 23, 2024

**Kevin Karhan** @kkarhan@infosec.space · Apr 23, 2024

Kevin Karhan @kkarhan@infosec.space

@beandev ich bin trotzdem mit #uBlockOrigin + #noScript bzw. @torproject / #TorBrowser ganz zufrieden...

Braucht zwar was Hirn und Zeit funzt aber...

Apr 23, 2024

**Sesivany's blog** @sesivanyblog@blog.eischmann.cz · Apr 19, 2024

Sesivany's blog @sesivanyblog@blog.eischmann.cz

Peníze nebo data!

O novém trendu bannerů, které vám dávají na výběr mezi odevzdáním dat a peněz. Proč to firmy dělají a co s tím.

#cookies #NoScript #reklama #Seznam

https://blog.eischmann.cz/2024/04/19/penize-nebo-data/

GIF

Apr 19, 2024

**Kevin Karhan** @kkarhan@infosec.space · Apr 10, 2024

Kevin Karhan @kkarhan@infosec.space

@ilumium until there's legal predent not just by @noybeu sueing but by actual court injunctions under penalty of prison, shit won't change.

Thus I use @torproject / #TorBrowser and #LynxBrowser over #Tor because #FuckAds and #FuckTracking.

Also using #NoScript and only allowlisting individual cookies for 15 years straight on #Firefox for the few sites that refuse to #DontBlockTor helps a lot...

#WjatYouAllowIsWhatWillContinue

Apr 10, 2024

**Kevin Karhan** @kkarhan@infosec.space · Mar 28, 2024 *

Kevin Karhan @kkarhan@infosec.space

@topher I actually use @tails_live with @torproject / #TorBrowser as main desktop OS...

Pragmatic would be using @ubuntu / #UbuntuLTS + #TorBrowserBundle and maybe @mozilla #Firefox on very few & selected sites with #NoScript set to max...

Mar 28, 2024 *

**Kevin Karhan** @kkarhan@infosec.space · Mar 15, 2024

Kevin Karhan @kkarhan@infosec.space

@avuko Some shitty JS + Tracking cookie.

It doesn't appear on @mozilla #Firefox with #NoScript, #YesScript & #uBlockOrigin up and running - nor on @torproject #TorBrowser...

Mar 15, 2024

**R. L. Dane** @RL_Dane@fosstodon.org · Feb 14, 2024

R. L. Dane @RL_Dane@fosstodon.org

@mischievoustomato @feld@bikeshed.party @bonifartius [qoto.org] @Hoss@shitpost.cloud

S'decent. I do like WebKit.

Gimme #uBlockOrigin and #NoScript, though.

Feb 14, 2024

Jan 30, 2024

[𝚜𝚒𝚍𝚗𝚎𝚢𝚜𝟷@~/𝚜𝚛𝚌]$ @Sidneys1@infosec.exchange

Look ma, no JS!

HTML/CSS-only end-user selectable theming and display toggles :)

GIF

#html #css #noscript

Jan 30, 2024

**basisbit** @basisbit@chaos.social · Dec 9, 2023 *

basisbit @basisbit@chaos.social

Wer sich das UI für das #NoScript Plugin für #Firefox unter Android ausgedacht hat, sollte ein stricktes Verbot für UI-Design/Implementierung für ein paar Jahre auferlegt bekommen. Das ist absolut maximal Feindlich gegenüber neue Nutzer, nur bunte Button-Bilder völlig ohne irgend welche Labels oder Beschreibungen. Sorry, aber what the fuck, das kann doch nicht deren Ernst sein??? Oder ist da nur momentan etwas kaputt so dass Labels in der Anzeige fehlen? Da ist Platz auf der Seite... @noscript

Screenshot des NoScript Plugin im Firefox Webbrowser unter Android. Es ist eine Überschrift namens "NoScript" zu sehen, sowie eine für mich unklare Menge an Symbolen welche vermutlich Buttons sind. Manche haben viel Rot, manche nur ein bisschen rot. Manche Symbole sind lunks oben angeordnet und manche rechts oben.

Dec 9, 2023 *

**R(i)SK** @risk@aachen.social · Dec 7, 2023

R(i)SK @risk@aachen.social

Liebe ja Websites, die ihren ganzen Content von einer dritten Domain beziehen, so dass man beim Einsatz von #noscript und Co. beim Laden der Seite erstmal nur den Kopf der Seite, aber keinerlei Inhalte sieht.

Dec 7, 2023

Recent searches

Search options

Administered by:

Server stats:

#noscript