InformAction Forums

Hi Giorgio Maone,

The following attack vector: data:text/html;charset=utf-7;base64,Ij48L3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTMzNyk8L3NjcmlwdD4=
was not being detected by NoScript when tested here: hxxp://bypass.xssing.com/testing.php?ve ... NjcmlwdD4=

luntrus

The result of the test (Jeremiah Grossman) is "Private Browsing mode is ON" either with private browsing ON, or OFF (it's a false positive). Not exactly: from the test's standpoint, it's ON because TorButton is doing more or less the same thing as Private Browsing and Safe History (i.e. b...

The result of the test (Jeremiah Grossman) is "Private Browsing mode is ON" either with private browsing ON, or OFF (it's a false positive). You must check Block History Reads during Non-Tor in torbutton preference. You can also test torbutton with this poc: http://ha.ckers.org/weird/CSS-h...

Hi bazzargh, As Giorgio Maone mentioned when it is done via JavaScript there is no problem, because NoScript perfectly takes care of that one and similar issues; as a more permanent solution to the visited links issue at hand - Copy the code below as css file at /Users/luntrus/Library/Application Su...

Hi Giorgio Maone, Hello I have come to join you here. As you know every modern browser to-day has a so-called "pr0n"-button aboard in order to leave no surfing-traces behind, but websites are now very well able to record who it is that is trying to surf "anonymously". The way thi...

... first line of page source with Noscript enabled, Firefox Javascript also enabled. Page displays but refreshing goes on CONTINUOUSLY. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html lang="en-US"><head><meta http-equiv="Content-Type" ...

Also, if you use the Hosts file from m, you'll be automatically blocked from visiting badscriptingsite.com, which is a pretty good clue not to allow it. But not being in that hosts file is no evidence that the site is safe. Enumerating Badness is "Dumb Idea" #2) . Or maybe I don't know wh...

Also, if you use the Hosts file from m, you'll be automatically blocked from visiting badscriptingsite.com, which is a pretty good clue not to allow it. But not being in that hosts file is no evidence that the site is safe. Enumerating Badness is "Dumb Idea" #2) . Or maybe I don't know wh...