don't panic !
Posted by: mhf
Date: May 24, 2010 04:08PM

After visiting this site I was wondering where my KM settings are incorrect !!!!!

Re: don't panic ! (privacy)
Posted by: siria
Date: May 24, 2010 05:53PM

Why, they don't see anything of me :cool:
I'm surfing with everything blocked and especially javascript off by default :-P
(unless required occasionally, that's what the privbar is here for :-D)

Okay, and now I'll boldly switch js on and click that hot button again.... ;-)

Oh well, first thing I noticed was that google doubleclick-ads were loading! That much for privacy concerns on that site... Afterwards all their giant scripts did was nearly freeze my poor ole win98 with its 256MB RAM - had to break the connection to stop that script. Or perhaps it was one of those gecko 1.9 scripts that freeze it KM15x. Or one of those known bug scripts... Am not going to try again *grmpf*



Edited 2 time(s). Last edit at 05/24/2010 06:03PM by siria.

Re: don't panic ! (privacy)
Posted by: slayer
Date: May 24, 2010 10:03PM

I had to stop the script too, it's too slow and my 11-year-old computer can't handle it.

Re: don't panic ! (privacy)
Posted by: mhf
Date: May 25, 2010 06:37PM

Yes it's a powerful script, I had to wait 10 minutes until the CPU slowed down again. But the point is that the script on this site (and others) can exploit browsers and read your history - I first tried it with my recent history, the script picked up quite a few, but not all strangely enough. Then I wiped History and it couldn't find anything. Fair enough, that shows that you shouldn't keep your history for too long, but the interesting part is that the script CAN try and check your history, in other words there's a gaping gap there whether your history is cleared or not.

I picked up the story from here.

Re: don't panic ! (privacy)
Posted by: siria
Date: May 25, 2010 07:16PM

Well, what I'm saying and practicing for years, turn javascript/flash/cookies off and you're *almost* on the safe side :-P
And that's why I love the privacy bar so much, all blocked settings in sight and just one button-click away if actually needed for a page :cool:



Edited 1 time(s). Last edit at 05/25/2010 07:19PM by siria.

Re: don't panic ! (privacy)
Posted by: Doon
Date: May 27, 2010 06:13AM

Previous talk about this exploit:
http://kmeleonbrowser.org/forum/read.php?1,91562

More info and recent developments:
http://blog.mozilla.com/security/2010/03/31/plugging-the-css-history-leak/

Also, a newly published tab-napping exploit (requiring javascript) that could make great use of the history exploit:
http://www.azarask.in/blog/post/a-new-type-of-phishing-attack
That page is a proof of concept and is safe to inspect.


Quote
siria
Well, what I'm saying and practicing for years, turn javascript/flash/cookies off and you're *almost* on the safe side :-P
And that's why I love the privacy bar so much, all blocked settings in sight and just one button-click away if actually needed for a page :cool:

Hear, hear!
Same here.



Edited 1 time(s). Last edit at 05/27/2010 07:30PM by Doon.

Re: don't panic ! (privacy)
Posted by: panzer
Date: June 08, 2010 08:41AM

Too late, mhf. PANIC! :-)

Re: don't panic ! (privacy)
Posted by: floora
Date: October 06, 2010 05:53AM

Well, now this is now trend that every small thing is getting issue nowadays and people were scared that what should happen now, what should we do now?
