Oh, well, that's perfect. Because NoScript is giving me hard time using the site.
Oh, well, that's perfect. Because NoScript is giving me hard time using the site.
I decided to turn history off and only use Speed Dial addon for FF.
looks like they finally fixed it MFSA 2010-46: Cross-domain data theft using CSS
Your account has been disabled.
So does this firefox add-on will prevent CSS History Leak?
Description
Description
Google security researcher Chris Evans reported that data can be read across domains by injecting bogus CSS selectors into a target site and then retrieving the data using JavaScript APIs. If an attacker can inject opening and closing portions of a CSS selector into points A and B of a target page, then the region between the two injection points becomes readable to JavaScript through, for example, the getComputedStyle() API.
Last edited by Blocker; 24.07.10 at 18:01.
Did you actually click on the link?
"I just remembered something that happened a long time ago."
Yap sorry ,it's a security announce not an add-on
Last edited by Blocker; 24.07.10 at 18:18.
Damn, guess I should have read this thread, before visiting what.cd in Firefox with SB-I still open...
Feel a little tension crawling up my spine, if my account will be disabled in a few ...seconds, days, weeks (?).
I'll keep you updated.
In the meantime it'd be a good idea to shield yourself up.
Remember only setting layout.css.visited_links_enabled to false can protect you against the randomstring attack:
http://ha.ckers.org/weird/CSS-history.cgi
"I just remembered something that happened a long time ago."
For firefox i started
Stanford SafeHistory
Stanford SafeCache
after i became a member of this site...
I'm sure most of you must have known about the plugins...Very handy tool to have when you are in the cheating business...
Haha...it told me a bunch of websites I've NOT visited and there is a blank in The following sites were visited: so I suppose I can log on to TL from here...
But I think the test is 2006 old...
Maybe codes have improved since...
I'd like to test these add-ons on a more modern script...
TL isn't using the CSS leak.
The test may be somewhat old, but NoScript and the anti-leak stylesheet still don't seem to prevent it from reading your history, so...
"I just remembered something that happened a long time ago."
Bookmarks