
Thread: CSS History Leak and how to prevent it even with enabled history [Firefox & Opera]

  1. #61
    Moderator anon's Avatar
    Join Date
    01.02.08
    Posts
    39,385
    Quote Originally Posted by atlantis View Post
    Actually my scans are clear but I'll set it to false for more safe
    Better do that. It takes just one minute, and will protect you against the second attack.

    Thanks for all the info, Zorvak!
    "I just remembered something that happened a long time ago."

  2. Who Said Thanks:

    atlantis (21.07.09)

  3. #62

    Join Date
    20.04.09
    Posts
    154
    Hi, so which things would be the best to use to prevent this? NoScript + Zorvak solution is enough? About NoScript, are default settings too restrictive? Which settings do you recommend for it? For Opera I disabled history and send referrer information.

  4. Who Said Thanks:

    (18.01.22)

  5. #63
    Advanced User alpacino's Avatar
    Join Date
    19.03.09
    Location
    locked in Alchemilla Hospital
    P2P Client
    none, just the toolz
    Posts
    2,059
    Quote Originally Posted by Haggar View Post
    Hi, so which things would be the best to use to prevent this? NoScript + Zorvak solution is enough? About NoScript, are default settings too restrictive? Which settings do you recommend for it? For Opera I disabled history and send referrer information.
    If you don't care about web history, disabling it on any browser should be enough. Another nice measure is to use an exclusive browser for sb-i.

    Sb-i already has a de-referrer script in place, but if you want to be extra careful, don't click on links from here, rather open a new window/tab and type the address yourself!
    it's hip to be square

  6. Who Said Thanks:

    Haggar (09.09.09)

  7. #64
    Moderator anon's Avatar
    Join Date
    01.02.08
    Posts
    39,385
    Quote Originally Posted by Haggar View Post
    Hi, so which things would be the best to use to prevent this? NoScript + Zorvak solution is enough?
    If you're going to use the same browser for SB-I and trackers, I'd disable history entirely since I don't care about it (but you can use Zorvak's solution if you do) + NoScript/BlockIt + disable referers or use the RefControl settings I posted on kazuya's thread.

    I personally use a different browser from Xenocode for every connected tracker.
    "I just remembered something that happened a long time ago."

  8. Who Said Thanks:

    Haggar (09.09.09)

  9. #65

    Join Date
    16.08.09
    Location
    YOU can guess bUT CANT CATCH
    P2P Client
    anything that meets me
    Posts
    455
    If you want to use Firefox as your browser to surf into SB-I, you must do it in private browsing.. or more safer.. do it with IE8.. site works well with IE8 too.. private browsing.. won't store history at all..

  10. #66
    Moderator anon's Avatar
    Join Date
    01.02.08
    Posts
    39,385
    or more safer..do it with ie8..
    IE8? Safer?

    But if you only use it to browse SB-I, that'd be fine. I personally prefer to use different browsers for my trackers instead - only some of them are using this method!
    "I just remembered something that happened a long time ago."

  11. #67
    Moderator anon's Avatar
    Join Date
    01.02.08
    Posts
    39,385

    Preventing the CSS Leak on Opera

    Hi,

    I have been using this config for some time already, and it works to prevent the leak on Opera. (Note I couldn't test the <randomstring> attack Zorvak mentioned above)

    The procedure is more or less the same as with Firefox:

    • Open a Notepad window and enter the following:
      Code:
          a:visited {
            background: none !important;
            background-image: none !important;
            list-style-image: none !important;
          }

    • Save it somewhere (can be any folder; I chose %programfiles%\Opera\styles) as user.css. You must enclose the filename between quotes in Notepad, or else it'll save it as a TXT file.

    • Open Opera, and go to View -> Style -> Manage Modes.

    • Click on the Display tab, then "Choose..." your stylesheet. Go to the directory where you located user.css and select it. Now go to the Presentation Modes tab and make sure the "My style sheet" checkbox is ticked for both modes.

      Note: if you have set custom preferences for sites in the past, this tweak may not apply for those. You should go to Tools -> Preferences -> Advanced -> Content -> Manage Site Preferences, highlight a site, click on Edit, then go to the Display tab and make sure your stylesheet is being used at the bottom. Repeat this for every site you've set custom preferences for.


    You're now protected against the CSS attack "flavor", but read on - trackers could still check if you've visited SB-I via the JavaScript attack. On Firefox you could download the NoScript addon and be done. For Opera, we'll do something similar with a user script called BlockIt.


    • First of all, download it from here. Save the file somewhere (I did it under %appdata%\Opera\Opera\profile\scripts, because I want all of Opera's files to remain together) as BlockIt.js.

    • After that, go to Tools -> Preferences -> Advanced -> Content -> JavaScript Options, and "Choose..." BlockIt's JS file at the bottom. Press OK on this and the Preferences Dialog to exit both.

    • Load any page (Google, for example), and you should notice an icon of a paper clip on the bottom right of the screen. Click it to open BIT's UI:


    • I'm not going to explain what every button does, you can read that below. For now, just know this means the addon is working, protecting you from malicious scripts.

      Note: the same I mentioned for custom site preferences and your stylesheet applies here. Go to the Scripting tab, and "Choose..." BlockIt for every site.

    • Now I'd recommend you go to Tools -> Delete Private Data, mostly just in case and so as to start fresh.


    Congratulations, you're done shielding your browser against this flaw. To check this, visit a popular page such as Google or Facebook, then go to this site. BlockIt and the custom stylesheet should prevent the JS and CSS attacks, respectively, and thus the site shouldn't be able to show you the contents of your history. If it can, you've done something wrong.


    FAQ

    Q: Can't I just disable History?
    A: That does NOT work on Opera.

    Q: What do all those buttons on BlockIt do?
    A: I'll just quote myself:
    Quote Originally Posted by anon View Post
    The #X# means that script/image/iframe is being blocked.
    "Unblock" unblocks the specified/selected item from the page.
    "T-unblock" reloads the page and temporarily allows all blockable items.
    "Server" toggles blocking or unblocking of all items coming from the same server as the selected one.
    "Preview" shows you the selected item: if it's a script, it'll open a new tab showing its source code. If it's an image, it'll show it to you. If it's an iframe, it'll open it in a new tab.
    Q: I hate having to go to BIT and press All/T-Unblock every time I load a page. Is there a way to prevent it from hiding images?
    A: By default, BIT blocks images hosted on sites outside of the one you're visiting as a security measure. You can change this by opening BlockIt.js, and editing the "var imgblockIt" line to read:
    Code:
        var imgblockIt = false;
    If you have any other questions, just tell me.
    "I just remembered something that happened a long time ago."

  12. Who Said Thanks:

    Extraterrestrial (27.05.10) , SealLion (08.03.10) , SBfreak (07.12.09) , alpacino (01.11.09) , shoulder (29.10.09) , Se7Ven (29.10.09)
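
Added example (not part of anon's post and not BlockIt's code): the user.css in post #67 works because a user !important declaration outranks author declarations for the same property in the CSS cascade. The sketch below, using a constructed page stylesheet and hypothetical names (auditVisitedRules, tracker.example), reports which :visited declarations that stylesheet neutralizes and which are left to a script blocker such as NoScript or BlockIt.

```javascript
// Added example; names and sample data are constructed, not from the thread.
// The user.css rule from the post above:
const USER_CSS = `a:visited {
  background: none !important;
  background-image: none !important;
  list-style-image: none !important;
}`;
// Constructed page stylesheet; tracker.example is a placeholder host.
const PAGE_CSS = `
a:visited { color: purple; }
a#l1:visited { background: url(//tracker.example/hit?id=1); }
li a#l2:visited { list-style-image: url("//tracker.example/hit?id=2") }
`;

// Minimal parser for flat "selector { prop: value; ... }" rules (no @-rules).
function parseRules(css) {
  const rules = [];
  for (const m of css.matchAll(/([^{}]+)\{([^}]*)\}/g)) {
    const decls = m[2].split(';').map(s => s.trim()).filter(Boolean).map(s => {
      const i = s.indexOf(':');
      return { prop: s.slice(0, i).trim().toLowerCase(), value: s.slice(i + 1).trim() };
    });
    rules.push({ selector: m[1].trim(), decls });
  }
  return rules;
}

// True when the element the selector styles is the visited link itself.
const subjectIsVisited = sel => /:visited[^\s>+~]*$/i.test(sel);

function auditVisitedRules(pageCss, userCss) {
  // Properties user.css forces with !important; in the cascade a user
  // !important declaration beats any author declaration for that property.
  const forced = new Set();
  for (const r of parseRules(userCss))
    if (subjectIsVisited(r.selector))
      for (const d of r.decls) if (/!important/i.test(d.value)) forced.add(d.prop);

  const report = { neutralized: [], stillFetches: [], styleOnly: [] };
  for (const r of parseRules(pageCss)) {
    if (!/:visited/i.test(r.selector)) continue;
    for (const d of r.decls) {
      const item = `${r.selector} { ${d.prop} }`;
      if (!/url\(/i.test(d.value)) report.styleOnly.push(item); // no fetch; only a script could read it
      else if (forced.has(d.prop) && subjectIsVisited(r.selector)) report.neutralized.push(item);
      else report.stillFetches.push(item);
    }
  }
  return report;
}

console.log(auditVisitedRules(PAGE_CSS, USER_CSS));
```

Entries under styleOnly trigger no network request, so the stylesheet has nothing to block there; that half is what the script-blocking step in the post covers.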

  13. #68

    Join Date
    28.11.09
    Location
    SB-Innovation
    P2P Client
    Vuzemaster
    Posts
    303
    Just wondering, does toggling the layout.css... make firefox take longer to browse?

    But I've created my usercontent.css and toggled it to false, so thanks, this may save me a banning or two :)

  14. #69
    Moderator anon's Avatar
    Join Date
    01.02.08
    Posts
    39,385
    Quote Originally Posted by GotIt View Post
    Just wondering, does toggling the layout.css... make firefox take longer to browse?
    Technically there's a performance impact, but it's less than negligible, so I'd say no.
    "I just remembered something that happened a long time ago."

  15. #70

    Join Date
    28.03.09
    P2P Client
    vuze (portable)
    Posts
    119
    Quote Originally Posted by anon View Post
    Q: Can't I just disable History?
    A: That does NOT work on Opera.
    the css leak seems to be fixed here when just disabling history (addresses=0;dont save content) on op10.01?
    your test link shows no visited links.

  16. #71
    Moderator anon's Avatar
    Join Date
    01.02.08
    Posts
    39,385
    It didn't work when I typed that. Let me check.
    "I just remembered something that happened a long time ago."

  17. #72
    Moderator
    shoulder's Avatar
    Join Date
    12.04.08
    Location
    I*** D* M*****
    Posts
    4,827
    Quote Originally Posted by GotIt View Post
    Just wondering, does toggling the layout.css... make firefox take longer to browse?
    It depends on your connection and the amount of "unvisited" links, background images, ... .




  18. #73
    Moderator anon's Avatar
    Join Date
    01.02.08
    Posts
    39,385
    Quote Originally Posted by pillow View Post
    the css leak seems to be fixed here when just disabling history (addresses=0;dont save content) on op10.01?
    your test link shows no visited links.
    The check site isn't loading for me

    Can anyone else check that? You can get a portable Opera 10.10 here.
    "I just remembered something that happened a long time ago."

  19. #74

    Join Date
    08.06.09
    Posts
    16
    all you need is the firefox extension called SAFE HISTORY. It prevents java based and non-javabased attempts to steal your history.

  20. Who Said Thanks:

    BaMbO (15.12.09)

  21. #75

    Join Date
    30.12.08
    Location
    House
    P2P Client
    utorrent
    Posts
    555
    Quote Originally Posted by kurdt View Post
    all you need is the firefox extension called SAFE HISTORY. It prevents java based and non-javabased attempts to steal your history.
    can anyone confirm that ?

    Edit: http://www.making-the-web.com/misc/s...ou-visit/nojs/ it doesn't work anymore
    Last edited by atlantis; 15.12.09 at 23:50.
