Good morning, Nexians,

finally, a piece of software to (try to) prevent JavaScript from doing
the worst damage... that is: since they DO NOT WANT to fix the JavaScript
runtime to keep it from doing damage, let's finally put a nice filter
on it.

https://jshelter.org/

--8<---------------cut here---------------start------------->8---

What is JShelter?

JShelter is a browser extension to give back control over what your
browser is doing. A JavaScript-enabled web page can access much of the
browser's functionality, with little control over this process available
to the user: malicious websites can uniquely identify you through
fingerprinting and use other tactics for tracking your
activity. JShelter aims to improve the privacy and security of your web
browsing.

How does it work?

Like a firewall that controls network connections, JShelter controls the
APIs provided by the browser, restricting the data that they gather and
send out to websites. JShelter adds a safety layer that allows the user
to choose if a certain action should be forbidden on a site, or if it
should be allowed with restrictions, such as reducing the precision of
geolocation to the city area. This layer can also aid as a
countermeasure against attacks targeting the browser, operating system
or hardware.

--8<---------------cut here---------------end--------------->8---

For the technical details on how problematic JavaScript is for
security (via https://jshelter.org/credits/):

--8<---------------cut here---------------start------------->8---

Key ideas

The development of this extension is influenced by the paper JavaScript
Zero: Real JavaScript and Zero Side-Channel Attacks [1]. It appeared during
the work of Zbyněk Červinka and provided basically the same approach to
restrict APIs as was at the time developed by Zbyněk Červinka.

The Force Point report [2] was a key inspiration for the development of
the Network Boundary Shield.

Some of the fingerprinting counter-measures are inspired by Farbling of
the Brave browser [3].

--8<---------------cut here---------------end--------------->8---

For further technical details: https://jshelter.org/blog/


Regards, 380°


[1] https://attacking.systems/web/files/jszero.pdf

[2] «Attacking the internal network from the public Internet using a
browser as a proxy»
https://www.forcepoint.com/sites/default/files/resources/files/report-attacking-internal-network-en_0.pdf

[3] https://jshelter.org/farbling/

-- 
380° (Giovanni Biscuolo public alter ego)

«We, incompetent as we are,
 have no standing to suggest anything at all»

Disinformation flourishes because many people care deeply about injustice
but very few check the facts.  Ask me about <https://stallmansupport.org>.


_______________________________________________
nexa mailing list
[email protected]
https://server-nexa.polito.it/cgi-bin/mailman/listinfo/nexa
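
The "How does it work?" excerpt quoted in the message describes allowing an API "with restrictions, such as reducing the precision of geolocation to the city area". The sketch below is an added example of that idea, not JShelter's code and not part of the original message; `shieldGeolocation`, `coarsen`, the policy object and the 10 km cell size used in the sample are assumptions made for illustration.

```javascript
// Added illustration of "allow with restrictions"; hypothetical names, not JShelter's implementation.
const KM_PER_DEG_LAT = 111.32; // approximate length of one degree of latitude

// Snap a position to the centre of a grid cell roughly `cellKm` wide.
function coarsen(lat, lon, cellKm) {
  const snap = (v, step) => (Math.floor(v / step) + 0.5) * step;
  const latitude = snap(lat, cellKm / KM_PER_DEG_LAT);
  // Derive the longitude step from the snapped latitude so every point in a
  // cell maps to exactly the same output; clamp the cosine near the poles.
  const cosLat = Math.max(Math.cos((latitude * Math.PI) / 180), 0.01);
  const longitude = snap(lon, cellKm / (KM_PER_DEG_LAT * cosLat));
  return { latitude, longitude };
}

// Wrap `geo` (anything exposing getCurrentPosition) according to `policy`:
//   { mode: "allow" } | { mode: "block" } | { mode: "restrict", cellKm: <number> }
function shieldGeolocation(geo, policy) {
  return {
    getCurrentPosition(onSuccess, onError) {
      if (policy.mode === "block") {
        // Same error code a page receives when the permission is denied.
        if (onError) onError({ code: 1, message: "User denied Geolocation" });
        return;
      }
      geo.getCurrentPosition((pos) => {
        if (policy.mode === "allow") return onSuccess(pos);
        const c = pos.coords;
        onSuccess({
          timestamp: pos.timestamp,
          coords: {
            ...coarsen(c.latitude, c.longitude, policy.cellKm),
            accuracy: Math.max(c.accuracy, policy.cellKm * 1000), // metres
            // Fields that would help a page refine the position are withheld.
            altitude: null, altitudeAccuracy: null, heading: null, speed: null,
          },
        });
      }, onError);
    },
  };
}

// Constructed sample input: a fake sensor reporting a precise fix.
const fakeGeo = {
  getCurrentPosition(ok) {
    ok({ timestamp: 0, coords: { latitude: 45.06231, longitude: 7.66201,
      accuracy: 8, altitude: 240, altitudeAccuracy: 5, heading: 90, speed: 1.4 } });
  },
};
```

Snapping to a fixed grid, rather than adding random noise on each call, means repeated queries from the same place return the same value and cannot be averaged back to the precise position.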
