Doesn't that just clear the cache?"Empty Temporary Internet Files folder when browser is closed" by clicking in the empty check box.
You could set IE to remember the history for "0" days, though.
Doesn't that just clear the cache?"Empty Temporary Internet Files folder when browser is closed" by clicking in the empty check box.
You could set IE to remember the history for "0" days, though.
"I just remembered something that happened a long time ago."
There is an option in FF to also clear all history when you close it...The only thing I see that it will help is if you browse SB-I after you browse trackers beause if you browse SB-I before trackers than they can still see you...
I use Private Browsing in FF for security, that should prevent trackers to see where I have visted.
Is there a way to have both Private and Normal mode up at the same time in FF?
I tried to open up normal with private still on and the new browser turned private...
Hi, I always keep history disabled on firefox, is that enough to keep me safe then? The only option i have ticked there is "remember what i've downloaded".
Yeah, I think you should be safe.
However, visit these websites below and make sure your browsing history isn't there ("0 pages found")
Sniffing Browser History: A Live Example
Sniffing Browser History with NO Javascript!
After I search more about this issue, I find that this is an old bug, reported in 2002 by David Baron for Firefox browser.
Bug 147777 - :visited support allows queries into global history
https://bugzilla.mozilla.org/show_bug.cgi?id=147777
Unfortunately, the userContent.css method only fix the CSS attack, but to disable javascript attack you have to use NoScript extension.
If you don't want to use NoScript extension, here's the easy way to fix this bug (Firefox only) :
- Type about:config in the address bar
- In the filter list, type layout.css.visited_links_enabled
- The default value is true, we must change the value to false
- Right click layout.css.visited_links_enabled and choose Toggle, this will change the status to user set and value to false
- Restart your firefox
I already test this method against the websites below and the history scan gives 0 result,
so this method should work against javascript and css attack.
Javascript Attack : Sniffing Browser History: A Live Example
CSS Attack : Sniffing Browser History with NO Javascript!
No, the option is already there in Firefox 3.5.1.
I'm using Firefox 3.5.1, you need to upgrade it at least to 3.5 to see layout.css.visited_links_enabled option.
Upgrade your Firefox to 3.5.1 :
In Firefox : Help -> Check for Updates
Or download the newest version directly from the official page :
Firefox Product Page : Firefox Browser | Free ways to customize your Internet
Download Link : Mozilla Download
Update
After I do several tests, userContent.css can't protect you against this CSS attack and its variation :
CSS Attack 1, userContent.css will protect you against this attackCode:userContent.css a:visited{ background: none !important; background-image: none !important; list-style-image: none !important; }
CSS Attack 2, userContent.css won't protect you against this attackCode:<style type="text/css"> #link1 { color: blue; } #link1:visited{ color: red; background: url(/log.php?visited_url=en.wikipedia.org); } </style> <a id="link1" href="http://en.wikipedia.org/">Wikipedia</a>
Yeah, just by adding <randomstring> tag it will bypass userContent.css protection.Code:<style type="text/css"> #link1 { color: blue; } #link1:visited randomstring{ color: red; background: url(/log.php?visited_url=en.wikipedia.org); } </style> <a id="link1" href="http://en.wikipedia.org/"><randomstring>Wikipedia</randomstring></a>
Therefore, I recommended you upgrade to Firefox 3.5.1 and use layout.css.visited_links_enabled method to completely disable this attack.
and how I can enable it this ? It must be true or false ?
Atlantis, see my previous post :
http://www.sb-innovation.de/showthre...e=4#post116433
The default value for layout.css.visited_links_enabled is true, you must change it to false, by toggling it.
Actually my scans are clear but I'll set it to false for more safe
Last edited by atlantis; 21.07.09 at 13:11.
Bookmarks