funsec mailing list archives
Re: Interesting: Stealing your browser history... withoutJavaScript!
From: Paul Ferguson <fergdawgster () gmail com>
Date: Sat, 13 Jun 2009 23:55:02 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sat, Jun 13, 2009 at 5:46 PM, Paul Ferguson<fergdawgster () gmail com> wrote:
On Sat, Jun 13, 2009 at 4:55 PM, silky<michaelslists () gmail com> wrote:On 6/14/09, Thomas Raef <traef () ebasedsecurity com> wrote:I seem to recall that HD Moore (I believe that's his name) showed this at Blackhat 2006 in Las Vegas, but his did use javascript.Yeah, it's pretty old. a:visited. *shrug* Could be a ff-plugin (maybe addition to NoScript) to ban certain types of CSS selectors and attributes.I e-mailed Giorgio Maone to ask him about it. :-)
Giorgio told me there's no much he can do about it in NoScript -- see also the comment thread here: https://bugzilla.mozilla.org/show_bug.cgi?id=147777 - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) wj8DBQFKNJ66q1pz9mNUZTMRAj6/AKDGQaLOFTgSHG/FsQ19gIXSEvAwVQCg8TGj ygn3UwLrp1MQ5raHQUDzzRY= =f31V -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawgster(at)gmail.com ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Interesting: Stealing your browser history... withoutJavaScript! Thomas Raef (Jun 13)
- Re: Interesting: Stealing your browser history... withoutJavaScript! silky (Jun 13)
- Re: Interesting: Stealing your browser history... withoutJavaScript! Paul Ferguson (Jun 13)
- Re: Interesting: Stealing your browser history... withoutJavaScript! Paul Ferguson (Jun 14)
- Re: Interesting: Stealing your browser history... withoutJavaScript! Paul Ferguson (Jun 13)
- Re: Interesting: Stealing your browser history... withoutJavaScript! silky (Jun 13)