Keeping up with all the different attack vectors can feel like being the protagonist of Cervantes' famous novel Don Quixote. New threats emerge on a daily basis while protections seem to remain stagnant at best. Users could opt for a radical solution by turning off scripts with NoScript and uninstalling browser plugins such as Java and Flash.
That would make most of the Internet unusable: many websites would look bad and lose functionality, and some would stop working completely.
Anti DNS-Pinning: LocalRodeo detects this attack method by monitoring DNS answers. The switch of a given domain from external to local (or vice versa) is a clear indication of an anti-pinning attack. If such a switch is detected, all further requests from or to the malicious domain are prohibited.
A detailed explanation of Anti DNS-Pinning can be found at the blog of Christian Matthies. The extension was updated to be compatible with Firefox 3 today.
Update: The blog does not seem to be available anymore, but the research paper is still available at the Blackhat website.
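The switch detection described in the Anti DNS-Pinning paragraph above, sketched in Python as an added example (not LocalRodeo's own code). The function and class names, the address ranges treated as local, and the sample DNS answers are assumptions made for illustration; it also blocks a single answer that mixes local and external records, which goes beyond the switch the description names.

```python
import ipaddress

# Ranges treated as "local" (assumption: RFC 1918, loopback, link-local, IPv6 ULA).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

def is_local(addr):
    ip = ipaddress.ip_address(addr)
    # Classify IPv4-mapped IPv6 (::ffff:10.0.0.1) by its embedded IPv4 address.
    ip = getattr(ip, "ipv4_mapped", None) or ip
    return any(ip.version == n.version and ip in n for n in LOCAL_NETS)

class PinningMonitor:
    def __init__(self):
        self.zone = {}        # domain -> "local" or "external"
        self.blocked = set()  # domains that switched zones

    def observe(self, domain, addresses):
        """Record one DNS answer; return True if the domain is blocked."""
        domain = domain.rstrip(".").lower()
        if domain in self.blocked:
            return True
        zones = {"local" if is_local(a) else "external" for a in addresses}
        if domain in self.zone:
            zones.add(self.zone[domain])
        if len(zones) > 1:
            # Zone switch (or a mixed answer, an added assumption): block from now on.
            self.blocked.add(domain)
            return True
        if zones:
            self.zone[domain] = zones.pop()
        return False

    def allow_request(self, domain):
        return domain.rstrip(".").lower() not in self.blocked

# Constructed DNS answers (domain, addresses) in arrival order; RFC 5737
# documentation addresses stand in for public IPs.
SAMPLE = [
    ("news.example", ["203.0.113.10"]),
    ("rebind.example", ["203.0.113.10"]),
    ("news.example", ["203.0.113.11"]),    # external -> external: fine
    ("rebind.example", ["192.168.1.1"]),   # external -> local: switch
    ("rebind.example", ["203.0.113.10"]),  # stays blocked afterwards
]

def run(sample):
    mon = PinningMonitor()
    return [mon.observe(d, a) for d, a in sample], mon
```

Calling `run(SAMPLE)` returns the per-answer block decisions together with the monitor, whose `allow_request` can then gate later requests to a flagged domain.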
Wouldn’t NoScript do the same though? Or does that not protect against Java and Flash content? (this is a serious question btw, I don’t know much about scripts)…
Now this is most interesting, only drawback seems to be a possible noticeable slowdown. I’m giving it a try, thanks for this most valuable info, Martin
@Pietzki, I have no idea of NoScript’s range of features; I don’t use it myself as it seems to me exaggeratedly tedious to analyze every website for a go or not : man, I want to surf in security and peace, but no more.
Pietzki NoScript can block all scripts including Flash and Java. Basically everything that is loaded as a plugin into Firefox I assume.
Martin, NoScript can block scripts, but can it filter them as Local Rodeo ?
1- I’ve just installed Local Rodeo, googled on the French Renaissance in order to call less obvious DNS requests (does that make any sense ?) and noticed no speed drawback
2- I really appreciate “set and go” security, not only because I’m lazy or snob, but because I am not aware of technical issues.
I’ll keep this Local Rodeo extension running and see how things evolve. I like to believe this is one more extra (and important as I’ve read) security measure.
Transcontinental: NoScript either blocks or does not block scripts but there is no way to configure what scripts may or may not do as far as I know.
OK Martin, that’s what I thought as well. And, in fine, this is almost a philosophical approach, I think life is essentially conducted throughout filtering attitudes, somewhere between the gullibility of accepting all and the paranoia of refusing all …
Works well. Thank you
LocalRodeo was just upgraded to version 0.8.5.5
I find having NoScript very useful. You don’t need to have it on all the time, and you can add all the sites you go to to a list of sites to allow script on (Or just do it as you go to them) – it’s really not that hard. However, as said, it can’t filter what scripts can and can’t do.
I use this in combination with AdBlock Plus and Greasemonkey to block any ad and what not that I want. Going to install this and see how it is though (Already got it in, just waiting for an FF restart), looks like it will be good though.
Transcontinental: Never had a problem with NoScript, AdBlock or Greasemonkey slowing my webpage loading down – just saying.
But in that mode, it still provides the same protection as LocalRodeo, plus protections against clickjacking, cross-site scripting, and miscellaneous other, and you have the option to blacklist scripting on individual websites at any time.
Give it a try (http://noscript.net)! The internet is a safer place with NoScript.