Hhmm ? stupid question

Discussion in 'other firewalls' started by Longboard, Jul 9, 2007.

Thread Status:
Not open for further replies.
  1. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    Using FF2.0.0.4 and NIS2007

    I was at the hackerwhacker site testing some configs:
    http://www.hackerwhacker.com/
    Go to "free tools" for scanners :-

    Using NoScript:
    With javascript enabled the site was able to read (some of) my files :(
    Javascript off = no read
    The site as it seems do many scanner sites, requires java enabled.

    I go to other sites that often require java enabled for full function: I dont want any files on display !!

    I posted here: http://forums.mozillazine.org/viewtopic.php?p=2958794#2958794
    And had reply as noted.

    OK: i have a problem now with NIS ( heh heh) which other Firewalls will stop this type of exploit or does it have to be a router (which I have been putting off for a while) ??

    Any advice appreciated.

    Any tips on routers with NAT for the terminally dense would be appreciated also.

    EDIT: as a corollary: how do FW stop java exploits in a browser window if scripting enabled?
     
    Last edited: Jul 9, 2007
  2. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    As far as routers go, I set up a D-Link 604 between my pc and cable modem. Installation was a url that lead me to a config.-wizard that took 3-5 min. to set-up. Easier than even Comodo firewall, even with a network of home pc's (4)...
     
  3. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    I don't believe that it's a firewall's job to stop any legitimate traffic on port 80. If you are allowing your browser to do tcp outbound, then any appropriate return traffic will be allowed also according to spi rules etc. Whether you have a router or not makes no difference. If you want to block javascript or whatever, then use NoScript in Firefox. I also think you're allowing that testing site to scare you for no good reason...
     
  4. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    I was just responding to his question....
     
  5. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    Agreed!!!
     
  6. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    No problem, my post was directed to Longboard... :)
     
  7. Dogbiscuit

    Dogbiscuit Guest

    Seems like javascript and Java are being confused with each other here. NoScript can control both. Are you refering to both, or just javascript?
     
  8. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    Yes could be me, I'm not entirely sure what I'm asking ( which is why I'm asking) :doubt:

    See images for my FF settings and NoScript settings

    I surf in or out of sandbox with NoScript on default forbid unless on whitelist.

    This is an allegedly reputable scanner site.
    Does anyone else see the same thing in the file viewer at the bottom of the page?
     

    Attached Files:

Loading...
Similar Threads
  1. ttomm1946
    Replies:
    0
    Views:
    506
Thread Status:
Not open for further replies.