Comments on: JavaScript Address Info http://www.gnucitizen.org/blog/javascript-address-info/ Information Security Think Tank Sat, 02 Feb 2013 17:50:40 +0000 hourly 1 http://wordpress.org/?v=3.4.1 By: Security vs. Accessibility | GNUCITIZEN http://www.gnucitizen.org/blog/javascript-address-info/comment-page-1/#comment-130022 Security vs. Accessibility | GNUCITIZEN Tue, 26 Apr 2011 21:17:37 +0000 http://www.gnucitizen.org/blog/javascript-address-info/#comment-130022 [...] The problem with the CSS History Hack is that malicious JavaScript code that silently dumps your history is not malicious at all. The code makes use of a feature which has never been designed with security in mind and it effects everything that supports CSS and DOM. Removing this feature will cause a lot of accessibility problems. The same applies to many other malicious techniques that recently have been developed. [...] [...] The problem with the CSS History Hack is that malicious JavaScript code that silently dumps your history is not malicious at all. The code makes use of a feature which has never been designed with security in mind and it effects everything that supports CSS and DOM. Removing this feature will cause a lot of accessibility problems. The same applies to many other malicious techniques that recently have been developed. [...]

]]> By: JavaScript Authorization Forcer | GNUCITIZEN http://www.gnucitizen.org/blog/javascript-address-info/comment-page-1/#comment-124500 JavaScript Authorization Forcer | GNUCITIZEN Fri, 28 Nov 2008 16:24:03 +0000 http://www.gnucitizen.org/blog/javascript-address-info/#comment-124500 [...] The attacker discovers your internal IP [...] [...] The attacker discovers your internal IP [...]

]]> By: pdp http://www.gnucitizen.org/blog/javascript-address-info/comment-page-1/#comment-33360 pdp Mon, 02 Jul 2007 10:43:18 +0000 http://www.gnucitizen.org/blog/javascript-address-info/#comment-33360 right, somehow I missed that. right, somehow I missed that.

]]> By: Jordan http://www.gnucitizen.org/blog/javascript-address-info/comment-page-1/#comment-7917 Jordan Mon, 19 Mar 2007 05:18:51 +0000 http://www.gnucitizen.org/blog/javascript-address-info/#comment-7917 fyi -- when doing some digging, I found this reference to this exact same technique from a while back: http://www.derkeiler.com/Mailing-Lists/NT-Bugtraq/2003-04/0003.html fyi — when doing some digging, I found this reference to this exact same technique from a while back:

http://www.derkeiler.com/Maili...../0003.html

]]> By: J@§¤ñ’s Stack Trace » Blog Archive » Passive Javascript attacks go Mainstream http://www.gnucitizen.org/blog/javascript-address-info/comment-page-1/#comment-4325 J@§¤ñ’s Stack Trace » Blog Archive » Passive Javascript attacks go Mainstream Thu, 15 Feb 2007 22:41:04 +0000 http://www.gnucitizen.org/blog/javascript-address-info/#comment-4325 [...] Earlier this month SPI Dynamics released their paper on JavaScript portscanning. Thier port scanner is more capable than what Jeremiah Grossman released. Their paper describes a method for timing onerror events to do port scans, ping sweeps, basic fingerprinting and getting the nat’d address. [...] [...] Earlier this month SPI Dynamics released their paper on JavaScript portscanning. Thier port scanner is more capable than what Jeremiah Grossman released. Their paper describes a method for timing onerror events to do port scans, ping sweeps, basic fingerprinting and getting the nat’d address. [...]

]]>