Navigation
Home | Send me an email. | Links
About This Site
This is the personal blog of John F. Morton. It's where I talk about the stuff that interests me. Primarily technology, marketing and pop culture. If you are looking for my portfolio of work, visit johnfmorton.com. Thanks for stopping by!
Members
Login | Register | Member List
Monthly Archives
- April 2008
- March 2008
- February 2008
- January 2008
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
- June 2007
- May 2007
- April 2007
- March 2007
- February 2007
- January 2007
Syndicate
Join our Mailing List
Security Lesson: Turn Off Your JavaScript, or use NoScript for Firefox
Yesterday was the SuperBowl. If you were attending in person you might have checked the website for the stadium before you went to the game. If so, you may not only have got soaked at the rainy game, but you might have unknowingly installed a Trojan virus and a keylogger on your computer. As reported in the eWeek story Super Bowl Site Hacked with Trojan, Keylogger, there was a malicious piece of JavaScript inserted in the website’s code.
The malicious JavaScript file was inserted into the header of the front page of the Dolphin Stadium site. Once visitors entered, it was designed to execute a script that attempts to exploit two known vulnerabilities: MS06-014 and MS07-004. Both of these exploits attempt to download and execute a malicious file.
If you understand what that means or not, one way to have avoided it is to surf the web with your JavaScript turned off. This can be a pain in ass, honestly. Many sites don’t function properly, but it will keep you much safer. If you’re a Firefox user though, you can use NoScript, a free add-on that allows you to selectively turn JavaScript on for sites you trust. That way, you webmail functions like you expect, but the webpage you visit to check your seat for the SuperBowl won’t allow JavaScript to run.