With new drive-by JS exploiting an unfixable CPU flaw, now is it time to whitelist?



  • It would be painful to go with a NoScript-style solution (I've read that uBlock Origin can do this, too), but this ASLR issue is pretty dire. Perhaps Sandboxie would be better?

    https://arstechnica.com/security/2017/02/new-aslr-busting-javascript-is-about-to-make-drive-by-exploits-much-nastier



  • @rseiler -- groan! Most unpleasant news! Thanks.

    I run all my browsers & PIMs [ie, any pgm that requires access to (parts of) my data & the internet simultaneously] sandboxed with FireJail. Other pgms needing access to my data & which by default do have internet access, but which IMO do not / should not have internet access, also run in FJ but with options set to block all internet access. I hope that collectively affords me some reasonable level of safety...
    ................................................................................................................
    Tower & Lappy = Maui Linux 2.1 "Blue Tang" x64 Plasma 5.8.4.



  • @Steffie For me, it sound like you're being overcautious, but perhaps I'm the one being reckless since I'm taking no extra effort to take care of my security (besides using a free AV - that I wouldn't even know it's there if not for the ads - and using Private Windows all the time, and being oversuspicious towards sources that I don't know or that just look untrustworthy to me). 😄


  • Vivaldi Translator

    The test success with "naked" browsers with default settings.
    Adept~Advance browser users already take precautions by any means.
    Even newbie users do that this days in no time.

    Also, the research papers linked in that post only gave magnificent long results if the attack success. The way how it could happen only explained in one short paragraph. That is, if the attacker could actually run the JavaScript on victim. Hmm, right.



  • @pafflick -- yeah, i might be, but it seems to be in my DNA; trust nothing & nobody. On a bad day i don't trust me, either. I fully realise that people fall into different camps on issues like this [hell -- ALL issues], & this is one of those areas where i'm happy to share/offer my opinion but i don't even bother trying to proselytise or win people over to "the cause". If people wanna take a different view for themselves i can respect & honour that. TBH my initial interest in FJ once i first heard of it was purely from the perceived security aspect, but that rapidly became equalled by its unmitigated "geek factor" too. ;-)


Log in to reply
 

Looks like your connection to Vivaldi Forum was lost, please wait while we try to reconnect.