Torrent Invites! Get your free private torrent tracker invites ! - View Single Post

Vegas · 10-08-2009, 08:51 PM

It has come to our attention that certain trackers, including x264, are utilizing an internet browser exploit to identify and ban TI members. The vulnerability is caused by some browsers' implementation of Cascading Style Sheets (CSS). This allows trackers to query your computer and identify which sites you belong to, including Torrent-Invites.com.

Is your computer vulnerable?

CSS Hack Test (without JavaScript)
CSS Hack Test (with JavaScript)

What can you do to protect yourself?

OPTION 1 - Disable CSS Visited Links [Firefox Only]

Type "about:config" in the address bar
Type "layout.css.visited_links_enabled" in the filter list
Change the default value of "True" to "False" by double clicking it
Restart Firefox

OPTION 2 - Disable Browser History [Firefox Only]

Tools --> Clear Recent History
Tools --> Options --> uncheck "Remember my browsing history"

OPTION 3 - Use a Different Browser for TI

e.g. Use Firefox for TI and Internet Explorer for Trackers

OPTION 4 - Temporarily Enable Private Browsing

[Firefox 3.5] Tools --> Start Private Browsing
[IE 8] Tools --> InPrivate Browsing
[Chrome] Press Ctrl+Shift+N (Incognito)
[Safari] Safari --> Private Browsing
[Opera] Does NOT have a Private Browsing option.

NOTE: You will need re-enable Private Browsing each time you start the browser.

Additional Information:
CSS History Probing Explained
Sniff Browser History Tutorial
BrowserSpy Test Site
StartPanicking Test Site

UPDATES [October 10th]

UPDATE 1 - HistoryBlock & NoScript Add-ons

NoScript only works with JavaScript based exploits
HistoryBlock does not work if you browse both sites at the same time*

*HistoryBlock utilizes the tab closed & download complete addEventListeners to initiate a history wipe. That leaves you exposed if you have both sites open in separate tabs at the same time or open TI from the same tab without going to an intermediate page first.

UPDATE 2 - Disabling Browser History

Does not work in IE
Does not work in Opera
Does not work in Safari

*Disabling history only works properly in Firefox.

10-08-2009, 08:51 PM	#1 (permalink)
Vegas Vegas has no status. Super Moderator Join Date: Mar 2009 Posts: 892 iGiver: (122)	Security Warning (CSS Hack) It has come to our attention that certain trackers, including x264, are utilizing an internet browser exploit to identify and ban TI members. The vulnerability is caused by some browsers' implementation of Cascading Style Sheets (CSS). This allows trackers to query your computer and identify which sites you belong to, including Torrent-Invites.com. Is your computer vulnerable? CSS Hack Test (without JavaScript) CSS Hack Test (with JavaScript) What can you do to protect yourself? OPTION 1 - Disable CSS Visited Links [Firefox Only] Type "about:config" in the address bar Type "layout.css.visited_links_enabled" in the filter list Change the default value of "True" to "False" by double clicking it Restart Firefox OPTION 2 - Disable Browser History [Firefox Only] Tools --> Clear Recent History Tools --> Options --> uncheck "Remember my browsing history" OPTION 3 - Use a Different Browser for TI e.g. Use Firefox for TI and Internet Explorer for Trackers OPTION 4 - Temporarily Enable Private Browsing [Firefox 3.5] Tools --> Start Private Browsing [IE 8] Tools --> InPrivate Browsing [Chrome] Press Ctrl+Shift+N (Incognito) [Safari] Safari --> Private Browsing [Opera] Does NOT have a Private Browsing option. NOTE: You will need re-enable Private Browsing each time you start the browser. Additional Information: CSS History Probing Explained Sniff Browser History Tutorial BrowserSpy Test Site StartPanicking Test Site UPDATES [October 10th] UPDATE 1 - HistoryBlock & NoScript Add-ons NoScript only works with JavaScript based exploits HistoryBlock does not work if you browse both sites at the same time* HistoryBlock utilizes the tab closed & download complete addEventListeners to initiate a history wipe. That leaves you exposed if you have both sites open in separate tabs at the same time or open TI from the same tab without going to an intermediate page first. UPDATE 2 - Disabling Browser History Does not work in IE Does not work in Opera Does not work in Safari Disabling history only works properly in Firefox. Last edited by Vegas; 11-16-2009 at 05:46 AM. Reason: Updates