Local Rodeo Protects Firefox From JavaScript Malware
Keeping up with all the different attack vectors is like the protagonist of Cervante's famous novel Don Quixote. New threats are emerging on a daily basis while protections seem to remain stagnant at best. Users could opt for a radical solution by choosing to turn off scripts using NoScript and uninstalling scripting languages like Java and Flash content.
That would make most of the Internet unusable and produce some bad looking websites with reduced functionality while some would stop working completely.
Local Rodeo is a Firefox extension that protects Firefox against two types of JavaScript malware. The two types are Intranet Exploration and Anti DNS-Pinning.
Keeping up with all the different attack vectors is like the protagonist of Cervante's famous novel Don Quixote. New threats are emerging on a daily basis while protections seem to remain stagnant at best. Users could opt for a radical solution by choosing to turn off scripts using NoScript and uninstalling scripting languages like Java and Flash content.
That would make most of the Internet unusable and produce some bad looking websites with reduced functionality while some would stop working completely.
Local Rodeo is a Firefox extension that protects Firefox against two types of JavaScript malware. The two types are Intranet Exploration and Anti DNS-Pinning.
Intranet Exploration (i.e. JavaScript portscanning and fingerprinting): The extension classifies all network locations to be either local or external, with local locations being part of the intranet. All http requests that have an external origin (i.e. were generated within the execution context of an external webpage) and a local target (i.e. an intranet resource) are canceled by LocalRodeo.
Anti DNS-Pinning: LocalRodeo detects this attack method by monitoring DNS answers. The switch of a given domain from external to local (or vice versa) is a clear indication of an anti-pinning attack. If such a switch is detected, all further requests from or to the malicious domain are prohibbited.
A detailed explanation of Anti DNS-Pinning can be found at the blog of Christian Matthies. The extension was updated to be compatible with Firefox 3 today.Anti DNS-Pinning: LocalRodeo detects this attack method by monitoring DNS answers. The switch of a given domain from external to local (or vice versa) is a clear indication of an anti-pinning attack. If such a switch is detected, all further requests from or to the malicious domain are prohibbited.
