Noscript HScan

After releasing my Firefox specific history scanner, RSnake came up with his own bleeding edge history scanning technique which is based on Jeremiah Grossman’s implementation but it does not require JavaScript. This approach has its own limitations and advantages.

On the advantages side, you don’t really need JavaScript to steal the victim’s browser history anymore. [...]

more | comments | comments rss | posted by

Security vs. Accessibility

A lot of noise has been generated around the CSS History Hack. Some people are skeptical about it and think that it can be fixed by installing the latest Firefox version. Others believe that IE is not effected. Unfortunately both groups are wrong.

The problem with the CSS History Hack is that malicious JavaScript code that silently dumps your history is not malicious at all. [...]

more | comments | comments rss | posted by