Thread: Security Warning (CSS Hack)

I just completed additional tests using IE, Chrome, Safari, Opera, HistoryBlock and NoScript. HistoryBlock users need to be especially careful how they surf:


UPDATES [October 10th]

UPDATE 1 - HistoryBlock & NoScript Add-ons

• NoScript only works with Java based exploits
• HistoryBlock does not work if you browse both sites at the same time*

*HistoryBlock utilizes the tab closed & download complete addEventListeners to initiate a history wipe. That leaves you exposed if you have both sites open in separate tabs at the same time or open TI from the same tab without going to an intermediate page first. Also be aware that HistoryBlock will erase cookies upon tab closure.

UPDATE 2 - Disabling Browser History

• Does not work in IE
• Does not work in Opera
• Does not work in Safari

*Disabling history only works properly in Firefox.

I want to second Jumbaleo, ethicks and vegas.
Just want to make clear for everyone:

to disable visited css, edit
<mozilla firefox folder>\greprefs\all.js

Change--> pref("layout.css.visited_links_enabled", false);

As I see this will disable the css hack, and it does not have too much effect on the font/text apperance.

I would still suggest to remove TI from history in any means, since in the future there could be any new exploit to gather the history data.

inserting

Code:

pref("layout.css.visited_links_enabled", false);

into user.js is even better because neither firefox nor its addons can change that. user.js has the highest priority.
if there is no user.js just create it.

What should I do under Opera ?

From what i read if you are using Opera 9.02+ you are safe

Neither of the tests found anything for me so I'm fairly confident, I'm secure.

I'm not too sure that this is a CSS script.

I'm thinking it's more of a HTML_REFERRER code that they put in. Any site can see it. If you have a website that has cPanel, check the website logs. It will show all of the visitors IPs and some other information, including the website you were just on. That's why most sites use Anonymity.com or anonym.to for external links - Dave, you should consider that.

Be safe!
-Tom

tomz, I will happily show you a snippet of CSS code which will reveal whether you have been to some URLs in a given list or not. That is why this is a security warning - it cannot reveal your browsing history but it sure can be used to discriminate between users of a particular site, and there is no way to "block" or "patch" it as such, due to the nature of CSS.

Your point about the HTTP referrer header is a valid one, but well known. Most people wouldn't be clicking links from T-I directly to a tracker homepage anyway, even if links weren't directed through anonym.to, and [good] browsers can be set to not send referrer headers anyway.

I've never really experimented with CSS before, or even JS for that matter, so I have no clue when it comes to that sort of stuff, but the HTTP_REFERRER can't be blocked unless you get an addon, or use a good browser. Having an anonymous.com or anonym.to plugin on this forum wouldn't be a bad idea either.

-Tom