Visited porn? Web browser flaw secretly bares all

Lost

http://news.yahoo.com/s/ap/20101205/ap_on_...ts_exposed

SAN FRANCISCO – Dozens of websites have been secretly harvesting lists of places that their users previously visited online, everything from news articles to bank sites to pornography, a team of computer scientists found.

Glade they got around and told us Evil

http://www.theregister.co.uk/2010/04/05/fi...story_fix/

It's also worth noting that most of the attacks can be eliminated by blocking a site's ability to run Javascript. That means users of the NoScript add-on for Firefox will in many cases be protected against the attack. Then again, it's getting harder and harder to do anything online without Javascript. Any site that has the ability to run code also has the ability to silently pilfer your browsing history.
_________________
Micah 6:8 He has showed you, O man, what is good. And what does the Lord require of you? To act justly,
and to love mercy and to walk humbly with your God.

nevadacrab · Joined: 02 Feb 2008 Posts: 479 Location: Henderson, Nevada

Can we get a list of these web sites? Denying javascript doesn't solve the problem unless we are willing to give up javascript on
all sites.

pete · ๑۞๑ Joined: 29 Apr 2002 Posts: 2608

The noscript add on allows you to choose which sites may run script.
It also indicates when something is being blocked....
You may then decide whether to give temporary or permanent permission to various sites.

When you log out of your bank or brokerage account (anything personal or financial), close your browser, or use Firefox's "Clear private Data" tool. Do not save "cookies" for sensitive sites.

nevadacrab · Joined: 02 Feb 2008 Posts: 479 Location: Henderson, Nevada

pete wrote:

The noscript add on allows you to choose which sites may run script.
It also indicates when something is being blocked....
You may then decide whether to give temporary or permanent permission to various sites.

Exactly. How do you know which sites are safe for javascript?

digger · ๑۞๑ Joined: 29 Mar 2001 Posts: 2656

I wouldn't worry too much about this. It's definitely not worth disabling javascript over.

Dude111 · Joined: 23 Nov 2007 Posts: 972

I went to this site and my browser locked up! (Nothing ended up ever displaying)

plodr · Administrator Joined: 12 Apr 2001 Posts: 7411

Fortunately, I goggled the site posted by Dude111 and Malwarebytes blocked it. I suggest everyone forget that site!

Dude111 · Joined: 23 Nov 2007 Posts: 972

Thank you PLODR,i have removed the site! (It didnt work anyway)

plodr · Administrator Joined: 12 Apr 2001 Posts: 7411

You should be running malwarebytes. Believe me, it is worth the money to prevent you from stumbling on to malicious sites. These days, it is next to impossible to tell a good site from a bad one.

frapper · Posted: Wed Dec 08, 2010 10:50 am Post subject:

Running WOT - Web of Trust is a good addition too. Especially for avoiding bad sites in your Google search results. It comes as an addon for FF and there is also an IE version as well.

http://www.mywot.com/

ramjet · Joined: 20 Jul 2002 Posts: 161

Since it was offered in FF, I always use private browsing for anything financial so that there is no browser history. I just hope that it works as advertised because I don't want any of this information on my computer at all.