Oh, well, that's perfect. Because NoScript is giving me hard time using the site.
Oh, well, that's perfect. Because NoScript is giving me hard time using the site.
SBi or what.cd??
You did allow sbi didn't you:unsure:
I decided to turn history off and only use Speed Dial addon for FF.
looks like they finally fixed it MFSA 2010-46: Cross-domain data theft using CSS
So does this firefox add-on will prevent CSS History Leak? :unsure: :confused:
Description
Quote:
Description
Google security researcher Chris Evans reported that data can be read across domains by injecting bogus CSS selectors into a target site and then retrieving the data using JavaScript APIs. If an attacker can inject opening and closing portions of a CSS selector into points A and B of a target page, then the region between the two injection points becomes readable to JavaScript through, for example, the getComputedStyle() API.
Did you actually click on the link?
Yap sorry ,it's a security announce not an add-on :happy:
Damn, guess I should have read this thread, before visiting what.cd in Firefox with SB-I still open... :frown:
Feel a little tension crawling up my spine, if my account will be disabled in a few ...seconds, days, weeks (?).
I'll keep you updated.
In the meantime it'd be a good idea to shield yourself up.
Remember only setting layout.css.visited_links_enabled to false can protect you against the randomstring attack:
http://ha.ckers.org/weird/CSS-history.cgi
For firefox i started
Stanford SafeHistory
Stanford SafeCache
after i became a member of this site...
I'm sure most of you must have known about the plugins...Very handy tool to have when you are in the cheating business...
Haha...it told me a bunch of websites I've NOT visited and there is a blank in The following sites were visited: so I suppose I can log on to TL from here...
But I think the test is 2006 old...
Maybe codes have improved since...
I'd like to test these add-ons on a more modern script...
TL isn't using the CSS leak.
The test may be somewhat old, but NoScript and the anti-leak stylesheet still don't seem to prevent it from reading your history, so...