50 ways to leave your lover, but four to sniff browser history "History sniffing" promises a nose full of dust or, you're talking about web browsers, a whiff of the websites you've visited. And that may be enough to compromise your privacy and expose data that allows miscreants to target you more effectively with tailored attacks. For example, a phishing gambit that attempts to simulate …
‘"History sniffing" promises .. a whiff of the websites you've visited .. Google Chrome, Mozilla Firefox, Microsoft Edge and Internet Explorer, and Brave are all affected to some extent’
Do these browser exploits work the same on non-Microsoft operating systems. I would explicidly mention them by name only I risk getting downvoted by the snowflakes.
NoScript only works if the naughty script is served from a domain you don't care about. It might be trickier if the naughty script is hosted on a domain you actually need to whitelist because else the site you're visiting doesn't work (online stores come to mind).
In this case you would need a means to only allow those scripts which are necessary, while blocking those which do unnecessary stuff, despite both coming from the same domain and potentially even being inside the same Javascript file. I guess it's possible, but I don't think it's easy to do reliably (don't know, I'm not a developer, just a pessimist).
NoScript only works if the naughty script is served from a domain you don't care about. It might be trickier if the naughty script is hosted on a domain you actually need to whitelist because else the site you're visiting doesn't work (online stores come to mind).
If it is from the online store, or similar, then the domain owner is a big target that could be prosecuted under the computer misuse act. A few costly & high profile actions could stop a lot, but not all, of this.
I combine NoScript with Privacy Badger, AdBlock Plus, clearing my Firefox browser history completely on exit, and using a password manager (KeePass with Kee add-on). This way there is far less chance that I'll be hit by a nasty. Not impossible, I realize, but the 'attack surface' is much smaller.
I recently got's PO'ed with Firefox and logged into the Admin account on my work PC - I uninstalled Firefox and then started looking around at my other accounts on the PC. After removing Firefox I found over 1Gb of data stuffed into Mozilla and Firefox folders plus multiple registry entries all over the place. All left behind after uninstalling the bloody app!
Browsing data is like old crisp packets, you find them floating around all over the place years after your little snack.
> After removing Firefox I found over 1Gb of data
AFAIK most programs do that when uninstalling: They remove the program's own files, but leave any user-created files the program might have created.
In Firefox's case that would be installed add-ons, the history, cookie and bookmarks databases, the cache (probably the biggest part of the 1 GB you found) and whatever else your own use created. The point is that if you just uninstalled it to reinstall it (for refreshing, updating or fixing), you'll be back to your environment just as you left it. Even if you install another browser, he'll find the old Firefox data and offer to import your bookmarks.
So not actually a bad or evil thing, IMHO. Imagine if uninstalling MS Word deleted all .doc files on your hard drive... :o)
Whenever I run Bleachbit on a computer that's never been cleaned I usually recover several Gigabytes of hard drive space.
I have a habit of clearing my browser cache sevearal times while browsing and run some simple commands that delete all temporary files and a final pass with Bleachbit's command line program.
I only enable cookies when needed (such as this rant) and then purge all after posting, and many sites still function without having Javascript enabled (such as this one)
Something in the researchers paper that isn't mentioned in the Reg's article:
"Weinberg et al. [57] demonstrated that these mitigations
are not enough—that web attackers can still creatively
leak history information. They used interactive tasks (e.g.,
CAPTCHAs) to trick users into disclosing history information,
inferred the color of links from screen reflections
in webcam images, and used re-paint events"
I have seen CAPTCHAs used on several deceptive and/or malicious sites.
My initial thought was this was used as a sort of "gateway' to protect their sites from being accessed by researchers using automated web scrapers.
I see that they may be using CAPTCHAs for other purposes as well.
To find all details of leftovers from uninstalls, firefox being one, i use search everything from void tools after uninstalls. I then choose which to delete. it is 100% effective at finding all leftovers. Another way is to go to users and app data folders after unhiding hidden files in msoft and do a manual search, iobit uninstaller also has a function to extra clean things that usually kills all leftovers
Why in the name of all that is noodly does any feature of CSS need a frickin' API?
The server sends the data, the browser presents it to the user. CSS makes suggestions about how it should do that, but suggestions is all they are. If the browser is sending information back about how it chose to present it - frankly it's time to tear down the whole Web and start over.
I'm under the impression that it would be JavaScript that would be programmed to track the state of CSS application to the page. There is nothing wrong with that, just that the CSS api and JavaScript (on the browser/client side) should not be able to blindly report this to the world.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
