bbosh - Slashdot User

Comment Related exploit (Score 1) 124

by bbosh on Monday May 31, 2010 @03:13PM (#32409448) Attached to: Clickjacking Worm Exploits Facebook "Like" Feature

It is also worth pointing out another Facebook exploit which allows a page to 'run' Javascript on a Facebook page. It prompts the user to perform certain actions which copy-and-paste a 'javascript:' style URL to the address bar, and to click Enter to execute the Javascript. This also has the potential to spread fast by sharing it with all of your friends. See http://infinity-infinity.com/2010/05/facebook-exploit-social-engineering-javascript-injection/.

Comment Re:Doesn't compression do most of this? (Score 1) 4

by bbosh on Tuesday July 21, 2009 @06:38AM (#28767667) Attached to: How to make the Internet faster in 5 minutes

I don't think the headers get compressed (so nothing gets optimized away). There is a header "Content-Encoding: gzip" which suggests that the content only is compressed. -Brendon.

Comment Re:On the other hand (Score 1) 216

by bbosh on Sunday June 14, 2009 @04:57AM (#28325361) Attached to: Sniffing Browser History Without Javascript

Maybe one can use this site to their advantage. Obviously, the owners know something we know not - popularity of websites. If you can 'play' the browser at the user end, you can have a look into their database. See what they're searching for and how. It cuts both ways.

It's from Alexa and Yahoo's search API

Sniffing Browser History Without Javascript 216

Posted by kdawson on Saturday June 13, 2009 @08:32PM from the hole-in-css dept.

Ergasiophobia alerts us to a somewhat alarming technology demonstration, in which a Web site you visit generates a pretty good list of sites you have visited — without requiring JavaScript. NoScript will not protect you here. The only obvious drawbacks to this method are that it puts a load on your browser, and that it requires a list of Web sites to check against. "It actually works pretty simply — it is simpler than the JavaScript implementation. All it does is load a page (in a hidden iframe) which contains lots of links. If a link is visited, a background (which isn't really a background) is loaded as defined in the CSS. The 'background' image will log the information, and then store it (and, in this case, it is displayed to you)."

Bookmark Expired Domains with PageRank MTW:ED (making-the-web.com)

by bbosh on Sunday January 04, 2009 @10:16AM

Slashdot Top Deals