Paid Advertising
web application security lab

Popup Blocking

I ran across an interesting link to a page that tests your browser for popups. It requires that you run Java. I was actually a little bummed that not a single popup went through on my browser. But then again, I run QuickJava (similar in principle to Noscript, but better for my needs) so it’s not that big of a surprise.

But it got me thinking.  This really only tests conventional popups.  It certainly doesn’t test for things like my Most Evil Popup Ever(TM). Frankly, I wouldn’t expect it to, because it isn’t a normal popup, but as technology evolves, I think less and less conventional means for delivery is going to take over.  I feel like there are probably other forms of these types of popups that could work better, but I haven’t put any time into thinking through it, so it’s probably best to leave it at this.  Anyway, cute link if you aren’t sure how vulnerable you are to popup annoyances.

5 Responses to “Popup Blocking”

  1. Kyran Says:

    Let’s see….

    No popups! I’m quite glad. But there are still a few I know work on me. Such as the partypoker ones….

    Ah. I never knew about the QuickJava extension. Thanks.
    This should stop those damn poker ads!

    At any rate, I do agree that the web is evolving in an interesting way.
    There are dozens of new ways to phish,spoof,popup and similar content all the time and sometimes not always mainstream ways of blocking them. I just hope no marketers get ahold of the ‘Most Evil Popup Ever(TM)’. I don’t want my mail client starting up all day long.

  2. RSnake Says:

    I’m not familiar with those popups, but I’d be curious to know what they are breaking through. Out of curiosity, what browser are you using (I’d assume Firefox if you can use extensions)?

    Yah, the Most Evil Popup Ever has been turned into a DoS example. Click here at your own peril. (No, seriously, save everything before you click there).

  3. Kyran Says:

    Yes, firefox. But I am planning on switching to Flock when it is a bit more stable. (Flock is based off Firefox and has a very similar extension system). It seems to be the ‘drop down’ type more than ‘popup’. The ones that slide onto the current page via JScript. But, with QuickJava I can stop most of them now. (Ty again btw.)

    Hmmm. A DoS version? Sounds scary. Let me guess. A few hundred copy+pastes of the mailto meta refresh? Right Click -> Save As…

    Ahahaha. It is! That’s great. Once again, I hope mainstream spammers don’t get ahold of these techniques.

  4. Kyran Says:

    I’m sorry. I had to do this. I added a meta refresh in the header to reload the page after a few seconds. For the rare case that you have a 10,000$ computer and it does nothing.

    On a side note, what tags are allowed in the comments? Is it similar to BBcode or is it using limited html tags?

  5. RSnake Says:

    That’s a good twist… I added the refresh (I’m not sure if 4 seconds is too little, I’ll have to do some testing when I have less things open on my desktop). I was thinking of somehow using that technique as a mask to hide other activities you might want to do to a computer that would require a popup. Inundating the user with dozens of popups might confuse them into clicking on one, etc… Interesting idea anyway. Death by popups!