[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Securing teh Intarwebs (Ultimate Solution ;)

Thus spake Mike Perry (mikepery@xxxxxxxxxx):

> Also, it appears that we also need to hook
> document.defaultView.getComputedStyle(link,null).getPropertyValue();
> somehow (perhaps by hooking getComputedStyle and clearing all
> properties for its return value if it is an "A" tag like I do with
> document.getElement*, or possibly by hooking the getPropertyValue
> method on the returned object) in order to defeat
> http://jeremiahgrossman.blogspot.com/2006/08/i-know-where-youve-been.html

No, this is stupid. The adversary can just walk the DOM and look for A
tags. You have to be pro-active and walk the whole DOM first yourself,
and strip the attributes off of each A tag as you find it.

Or, perhaps getting the history clearing thing to work is the real
Ultimate Solution. You can use fileio in javascript to read
history.dat (see jshooks.js), but the main issue is file locking on
windows may prevent you from writing it out again since it appears firefox
never actually closes the file. It's worth a shot though. Perhaps they
don't lock the file while they have it open, and maybe they seek to the
beginning of it each time they read it out...

Ok, I promise I won't reply to myself any more. ;)

Mike Perry
Mad Computer Scientist
fscked.org evil labs