Noscript HScan

published: February 28th, 2007

After releasing my Firefox specific history scanner, RSnake came up with his own bleeding edge history scanning technique which is based on Jeremiah Grossman’s implementation but it does not require JavaScript. This approach has its own limitations and advantages.

On the advantages side, you don’t really need JavaScript to steal the victim’s browser history anymore. [...]

more | comments | comments rss | posted by

Security vs. Accessibility

published: August 26th, 2006

A lot of noise has been generated around the CSS History Hack. Some people are skeptical about it and think that it can be fixed by installing the latest Firefox version. Others believe that IE is not effected. Unfortunately both groups are wrong.

The problem with the CSS History Hack is that malicious JavaScript code that silently dumps your history is not malicious at all. [...]

more | comments | comments rss | posted by