don't panic !
Posted by: mhf
Date: May 24, 2010 11:08PM

After visiting this site I was wondering where my KM settings are incorrect !!!!!

Re: don't panic ! (privacy)
Posted by: siria
Date: May 25, 2010 12:53AM

Why, they don't see anything of me 8-)
I'm surfing with everything blocked and especially javascript off by default :-P
(unless required occasionally, that's what the privbar is here for :-D)

Okay, and now I'll boldly switch js on and click that hot button again.... ;-)

Oh well, first thing I noticed was that google doubleclick-ads were loading! So much for privacy concerns on that site... Afterwards all their giant scripts did was nearly freeze my poor ole win98 with its 256MB RAM - had to break the connection to stop that script. Or perhaps it was one of those gecko 1.9 scripts that freeze it KM15x. Or one of those known bug scripts... Am not going to try again *grmpf*



Edited 2 time(s). Last edit at 05/25/2010 01:03AM by siria.

Re: don't panic ! (privacy)
Posted by: slayer
Date: May 25, 2010 05:03AM

I had to stop the script too, it's too slow and my 11-year-old computer can't handle it.

Re: don't panic ! (privacy)
Posted by: mhf
Date: May 26, 2010 01:37AM

Yes it's a powerful script, I had to wait 10 minutes until the CPU slowed down again. But the point is that the script on this site (and others) can exploit browsers and read your history - I first tried it with my recent history, the script picked up quite a few, but not all strangely enough. Then I wiped History and it couldn't find anything. Fair enough, that shows that you shouldn't keep your history for too long, but the interesting part is that the script CAN try and check your history, in other words there's a gaping gap there whether your history is cleared or not.

I picked up the story from here.

Re: don't panic ! (privacy)
Posted by: siria
Date: May 26, 2010 02:16AM

Well, what I'm saying and practicing for years, turn javascript/flash/cookies off and you're *almost* on the safe side :-P
And that's why I love the privacy bar so much, all blocked settings in sight and just one button-click away if actually needed for a page 8-)



Edited 1 time(s). Last edit at 05/26/2010 02:19AM by siria.

Re: don't panic ! (privacy)
Posted by: Doon
Date: May 27, 2010 01:13PM

Previous talk about this exploit:
http://kmeleon.sourceforge.net/forum/read.php?1,91562

More info and recent developments:
http://blog.mozilla.com/security/2010/03/31/plugging-the-css-history-leak/

Also, a newly published tab-napping exploit (requiring javascript) that could make great use of the history exploit:
http://www.azarask.in/blog/post/a-new-type-of-phishing-attack
That page is a proof of concept and is safe to inspect.


Quote
siria
Well, what I'm saying and practicing for years, turn javascript/flash/cookies off and you're *almost* on the safe side :-P
And that's why I love the privacy bar so much, all blocked settings in sight and just one button-click away if actually needed for a page 8-)

Hear, hear!
Same here.



Edited 1 time(s). Last edit at 05/28/2010 02:30AM by Doon.

Re: don't panic ! (privacy)
Posted by: panzer
Date: June 08, 2010 03:41PM

Too late, mhf. PANIC! :-)

Re: don't panic ! (privacy)
Posted by: floora
Date: October 06, 2010 12:53PM

Well, now this is the trend: every small thing is becoming an issue nowadays, and people are scared, asking what will happen now and what should we do now?
