Doug Ludy wrote: > I am new at this, but have been following the discussion of phishing at > the n.p.m.security newsgroup for the past month. I would like to try > the trustbar extension but when I try to download the program from > http://trustbar.mozdev.org I cannot do so because I have JavaScript > blocked. Should I unblock JavaScript in FF or have I reached a spoofed > site?
Doug, You may want to look into installing this 'must-have' (IMO) Firefox extension- NoScript v1.0.9. It disallows all Javacript use unless you give permission for the specific site/page you're on. https://addons.mozilla.org/extensions/moreinfo.php?id=722 Oh, and I allow all the mozilla.org sites permission, and just by allowing 'mozilla.org'. More on that from www.NoScript.net: Site matching- For each site you can decide to allow the exact address, or the exact domain, or a parent domain. If you enable a domain (e.g. mozilla.org), you're implicitely enabling all its subdomains (e.g. www.mozilla.org, addons.mozilla.org and so on) with every possible protocol (e.g. http and https). If you enable an address (protocol://host, e.g. http://www.mozilla.org, you're enabling its subdirectories- (http://www.mozilla.org/firefox & http://ww.mozilla.org/thunderbird), but not its domain ancestors nor its siblings, i.e. mozilla.org and addons.mozilla.org will not be automatically enabled. By default only the 2nd level, base domain is shown(e.g. mozilla.org) in the menu, but you can configure appearance to show full domains and full addresses as well. _______________________________________________ Mozilla-security mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-security
