Stolen history without Javascript and some news

RSnake has writte up an excellent post on stealing a users browsing history without the use of Javascript. Apparently though, there was an obscure, though similar paper written before this. According to Mephisto in the comments, this detects history through multiple instances
of the browser. Probably because the browser gets updated and the site is
using the visited: CSS if you visit it in once instance. Anyways, interesting stuff. Don’t forget to get the XSS book tomorrow!

Also, I’ve set up a new forum on one of my spare machines.
It’s not particularly secure right now as it’s using Debian packages. They tend to be a little out of date. But at least it’s stable. I’ll be making semi-regular backups, so it won’t be a huge issue if it’s hacked. Assuming your DNS updated by the time you read this, it should be at Kyran.ca. You’ll probably also notice the banner on the right. Yup. Easier sign-up for e-mails @kyran.ca

About these ads

Written by Rodney G

02/28/2007 at 9:49 pm

Posted in Uncategorized

Tagged with News, Security

One Response

Subscribe to comments with RSS.

ohay thar.

Gleek

04/25/2007 at 11:50 am

Reply

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

RETURN $ecure;