tracker-invites.org
Welcome, Guest. Please login or register.
March 10, 2010, 03:08:48 AM
 1065 Posts in 248 Topics by 123 Members
Latest Member: shaardu
tracker-invites.org  |  Discussion  |  BitTorrent  |  CSS HACK ..protect yourself !! « previous next »
Pages: [1]
Author Topic: CSS HACK ..protect yourself !!  (Read 45 times)
Nothinless
Master
***

Total Rep Points: 2
Posts: 101


View Profile
« on: January 26, 2010, 10:14:58 PM »
 Default  Security Warning (CSS Hack)
It has come to our attention that certain trackers, including x264, are utilizing an internet browser exploit to identify and ban TI members. The vulnerability is caused by some browsers' implementation of Cascading Style Sheets (CSS). This allows trackers to query your computer and identify which sites you belong to, including Torrent-Invites.com.


Is your computer vulnerable?

CSS Hack Test (without JavaScript)  http://ha.ckers.org/weird/CSS-history.cgi
CSS Hack Test (with JavaScript)   http://linuxbox.co.uk/stealing-browser-history-with-javascipt-and-css.php


What can you do to protect yourself?

OPTION 1 - Disable CSS Visited Links [Firefox Only]

    * Type "about:config" in the address bar
    * Type "layout.css.visited_links_enabled" in the filter list
    * Change the default value of "True" to "False" by double clicking it
    * Restart Firefox

OPTION 2 - Disable Browser History [Firefox Only]

    * Tools --> Clear Recent History
    * Tools --> Options --> uncheck "Remember my browsing history"

OPTION 3 - Use a Different Browser for TI

    * e.g. Use Firefox for TI and Internet Explorer for Trackers

OPTION 4 - Temporarily Enable Private Browsing

    * [Firefox 3.5] Tools --> Start Private Browsing
    * [IE 8] Tools --> InPrivate Browsing
    * [Chrome] Press Ctrl+Shift+N (Incognito)
    * [Safari] Safari --> Private Browsing
    * [Opera] Does NOT have a Private Browsing option.

NOTE: You will need re-enable Private Browsing each time you start the browser.


Additional Information:
CSS History Probing Explained--http://blogs.msdn.com/ieinternals/archive/2009/06/17/CSSHistoryProbing.aspx
Sniff Browser History Tutorial--http://www.niallkennedy.com/blog/2008/02/browser-history-sniff.html
BrowserSpy Test Site---http://browserspy.dk/css-exploit.php
StartPanicking Test Site---http://startpanic.com/


UPDATES [October 10th]

UPDATE 1 - HistoryBlock & NoScript Add-ons

    * NoScript only works with JavaScript based exploits
    * HistoryBlock does not work if you browse both sites at the same time*

*HistoryBlock utilizes the tab closed & download complete addEventListeners to initiate a history wipe. That leaves you exposed if you have both sites open in separate tabs at the same time or open TI from the same tab without going to an intermediate page first.

UPDATE 2 - Disabling Browser History

    * Does not work in IE
    * Does not work in Opera
    * Does not work in Safari

*Disabling history only works properly in Firefox.
Logged
Log1t3ch
Cheater
*

Total Rep Points: 5
Posts: 91


never+had+it never+had+it
View Profile
« Reply #1 on: January 27, 2010, 07:02:35 AM »
Glad u shared this with the community.
Already implemented some of the needed
changes. Thanks.
Logged
u see the road is over, make a bridge
inviter
Cheater
*

Total Rep Points: 4
Posts: 101



View Profile
« Reply #2 on: January 27, 2010, 12:01:12 PM »
Thanks for letting us know..
Logged
OysterKing
Starter
*

Total Rep Points: 0
Posts: 6


View Profile Email
« Reply #3 on: February 06, 2010, 02:16:17 AM »
I really appreciate this, i have changed my browser to safari now.
Logged
Pages: [1]
tracker-invites.org  |  Discussion  |  BitTorrent  |  CSS HACK ..protect yourself !! « previous next »
    Jump to:  


    Powered by MySQL Powered by PHP Powered by SMF 1.1.11 | SMF © 2006-2009, Simple Machines LLC Valid XHTML 1.0! Valid CSS!