Posts

Showing posts from October, 2013

Mozilla Lightbeam Add-On Shows Risk of Third Party Sites

Image
The slide above shows an experiment I just conducted using the Lightbeam addon with NoScript . The image at left shows the results of visiting nhl.com, nfl.com, mlb.com, and google.com while NoScript is denying JavaScript and similar content. The image at left shows the results of visiting nhl.com, nfl.com, mlb.com, and google.com while NoScript is disabled to allow JavaScript and similar content. The Lightbeam add-on renders the primary and third party Web sites visited in each case. When NoScript is denying Javascript and similar content, only 9 third party sites are called in order to render the 4 primary Web sites. When NoScript is disabled to allow JavaScript and similar content, 66 third party Web sites are called. Only a few minutes after taking the original images, the count for the second case increased from 66 to 90. Why is this a problem? From a security perspective: The more third party Web sites required to render a primary site, the more opportunities int