Security Lesson: Turn Off Your JavaScript, or use NoScript for Firefox

Yesterday was the Super Bowl. If you were attending in person, you might have checked the website for the stadium before you went to the game. If so, you may not only have got soaked at the rainy game, but you might have unknowingly installed a Trojan virus and a keylogger on your computer. As reported in the eWeek story "Super Bowl Site Hacked with Trojan, Keylogger", there was a malicious piece of JavaScript inserted in the website's code.

The malicious JavaScript file was inserted into the header of the front page of the Dolphin Stadium site. Once visitors entered, it was designed to execute a script that attempts to exploit two known vulnerabilities: MS06-014 and MS07-004. Both of these exploits attempt to download and execute a malicious file.

Whether or not you understand what that means, one way to have avoided it is to surf the web with your JavaScript turned off. This can be a pain in the ass, honestly. Many sites don't function properly, but it will keep you much safer. If you're a Firefox user, though, you can use NoScript, a free add-on that allows you to selectively turn JavaScript on for sites you trust. That way, your webmail functions like you expect, but the webpage you visit to check your seat for the Super Bowl won't be allowed to run JavaScript.

 
