Re: Interesting: Stealing your browser history... withoutJavaScript!

[Paul Ferguson <fergdawgster () gmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sat, Jun 13, 2009 at 5:46 PM, Paul Ferguson<fergdawgster () gmail com>
wrote:

> On Sat, Jun 13, 2009 at 4:55 PM, silky<michaelslists () gmail com> wrote:
>
> > On 6/14/09, Thomas Raef <traef () ebasedsecurity com> wrote:
> > > I seem to recall that HD Moore (I believe that's his name) showed this
> > > at Blackhat 2006 in Las Vegas, but his did use javascript.
> >
> > Yeah, it's pretty old. a:visited. *shrug*
> >
> > Could be a ff-plugin (maybe addition to NoScript) to ban certain types
> > of CSS selectors and attributes.
>
> I e-mailed Giorgio Maone to ask him about it. :-)

Giorgio told me there's no much he can do about it in NoScript -- see also
the comment thread here:

https://bugzilla.mozilla.org/show_bug.cgi?id=147777

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003)

wj8DBQFKNJ66q1pz9mNUZTMRAj6/AKDGQaLOFTgSHG/FsQ19gIXSEvAwVQCg8TGj
ygn3UwLrp1MQ5raHQUDzzRY=
=f31V
-----END PGP SIGNATURE-----

-- 
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawgster(at)gmail.com
 ferg's tech blog: http://fergdawg.blogspot.com/
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.