Facebook admits to constant "tracking" users web-surfing

[FromTheRafters]

"ASCII" <me2@privacy.net> wrote in message news:4e8f7e85.6138468@PEACE...
> Dustin wrote:
>>but I do remember reading about a
>>known vulnerability which will cause the browser to offer up it's
>>history and cache to the server upon request.. I'll look into it more.
>
> Sounds like some js trick instead of CSS (a display mode),
> but in Opera you can periodically dump the browsing cache
> with a simple keyboard entry [ctrl + T] [D] [enter].
> Be sure to check all boxes in the dropdown 'Detailed Options'.

He's probably remembering an XSS browsing history attack.

XSS (formerly CSS) exploits a client's trust relationship with a server.

http://crypto.stanford.edu/cs155/papers/CSS.pdf

[Dustin]

"FromTheRafters" <erratic.howard@gmail.com> wrote in
news:j6is8c$hvv$1@dont-email.me:

> "ASCII" <me2@privacy.net> wrote in message
> news:4e8f7e85.6138468@PEACE...
>> Dustin wrote:
>>>but I do remember reading about a
>>>known vulnerability which will cause the browser to offer up it's
>>>history and cache to the server upon request.. I'll look into it
>>>more.
>>
>> Sounds like some js trick instead of CSS (a display mode),
>> but in Opera you can periodically dump the browsing cache
>> with a simple keyboard entry [ctrl + T] [D] [enter].
>> Be sure to check all boxes in the dropdown 'Detailed Options'.
>
> He's probably remembering an XSS browsing history attack.
>
> XSS (formerly CSS) exploits a client's trust relationship with a
> server.
>
> http://crypto.stanford.edu/cs155/papers/CSS.pdf
>
>
>

That's it... My bad for getting the two confused... ugh.


--
I am a sinner
Hold my prayers upto the sun
I am a sinner
Heaven's closed for what I've done.

[Dustin]

~BD~ <~BD~@nomail.afraid.org> wrote in
news:j6h3cj$m4d$2@dont-email.me:

> Dustin wrote:
>> FromTheRafters<erratic@nomail.afraid.org> wrote in
>> news:j65csr$e9e$1@dont-email.me:
>>
>>> Beauregard T. Shagnasty wrote:
>>>> FromTheRafters wrote:
>>>>
>>>>> "Beauregard T. Shagnasty" wrote:
>>>>>> Dustin wrote:
>>>>>>> That's not a cookie issue. It's an OLD vulnerability I think?
>>>>>>> in the css. Any website can ask your browser for a dump of
>>>>>>> it's entire history.
>>>>>>
>>>>>> It *is* the cookies. CSS is benign text that controls the
>>>>>> display of the page you are viewing. It can't do anything at
>>>>>> all to track you.
>>>>>
>>>>> Yes, Dustin may be using an older no longer used abbreviation
>>>>> for Cross Site Scripting (CSS) which now means Cascading Style
>>>>> Sheets.
>>>>>
>>>>> Cross Site Scripting is XSS now.
>>>>
>>>> Okay. CSS has been Cascading Style Sheets since .. somewhere into
>>>> the last millennium<g>.
>>>>
>>> Even though there is no confusion over CSRF/XSRF like there was
>>> over CSS/XSS, XSRF is often used anyway apparently in keeping with
>>> XSS and XMAS. )
>>>
>>
>> My bad my bad.
>
> Thank you, Dustin! :-)
>
>

for?


--
I am a sinner
Hold my prayers upto the sun
I am a sinner
Heaven's closed for what I've done.

[~BD~]

Dustin wrote:
> ~BD~<~BD~@nomail.afraid.org> wrote in
> news:j6h3cj$m4d$2@dont-email.me:
>
>> Dustin wrote:
>>> FromTheRafters<erratic@nomail.afraid.org> wrote in
>>> news:j65csr$e9e$1@dont-email.me:
>>>
>>>> Beauregard T. Shagnasty wrote:
>>>>> FromTheRafters wrote:
>>>>>
>>>>>> "Beauregard T. Shagnasty" wrote:
>>>>>>> Dustin wrote:
>>>>>>>> That's not a cookie issue. It's an OLD vulnerability I think?
>>>>>>>> in the css. Any website can ask your browser for a dump of
>>>>>>>> it's entire history.
>>>>>>>
>>>>>>> It *is* the cookies. CSS is benign text that controls the
>>>>>>> display of the page you are viewing. It can't do anything at
>>>>>>> all to track you.
>>>>>>
>>>>>> Yes, Dustin may be using an older no longer used abbreviation
>>>>>> for Cross Site Scripting (CSS) which now means Cascading Style
>>>>>> Sheets.
>>>>>>
>>>>>> Cross Site Scripting is XSS now.
>>>>>
>>>>> Okay. CSS has been Cascading Style Sheets since .. somewhere into
>>>>> the last millennium<g>.
>>>>>
>>>> Even though there is no confusion over CSRF/XSRF like there was
>>>> over CSS/XSS, XSRF is often used anyway apparently in keeping with
>>>> XSS and XMAS. )
>>>>
>>>
>>> My bad my bad.
>>
>> Thank you, Dustin! :-)
>>
>>
>
> for?
>
>

Accepting that you were wrong on this occasion.

[Bullwinkle.]

Now, that is something you know a lot about as you are wrong
nearly everytime....LOL


"~BD~" <~BD~@nomail.afraid.org> wrote in message
news:j6jfm5$cbc$1@dont-email.me...

Accepting that you were wrong on this occasion.

[FromTheRafters]

"~BD~" <~BD~@nomail.afraid.org> wrote in message
news:j6jfm5$cbc$1@dont-email.me...
> Dustin wrote:
>> ~BD~<~BD~@nomail.afraid.org> wrote in
>> news:j6h3cj$m4d$2@dont-email.me:
>>
>>> Dustin wrote:
>>>> FromTheRafters<erratic@nomail.afraid.org> wrote in
>>>> news:j65csr$e9e$1@dont-email.me:
>>>>
>>>>> Beauregard T. Shagnasty wrote:
>>>>>> FromTheRafters wrote:
>>>>>>
>>>>>>> "Beauregard T. Shagnasty" wrote:
>>>>>>>> Dustin wrote:
>>>>>>>>> That's not a cookie issue. It's an OLD vulnerability I think?
>>>>>>>>> in the css. Any website can ask your browser for a dump of
>>>>>>>>> it's entire history.
>>>>>>>>
>>>>>>>> It *is* the cookies. CSS is benign text that controls the
>>>>>>>> display of the page you are viewing. It can't do anything at
>>>>>>>> all to track you.
>>>>>>>
>>>>>>> Yes, Dustin may be using an older no longer used abbreviation
>>>>>>> for Cross Site Scripting (CSS) which now means Cascading Style
>>>>>>> Sheets.
>>>>>>>
>>>>>>> Cross Site Scripting is XSS now.
>>>>>>
>>>>>> Okay. CSS has been Cascading Style Sheets since .. somewhere into
>>>>>> the last millennium<g>.
>>>>>>
>>>>> Even though there is no confusion over CSRF/XSRF like there was
>>>>> over CSS/XSS, XSRF is often used anyway apparently in keeping with
>>>>> XSS and XMAS. )
>>>>>
>>>>
>>>> My bad my bad.
>>>
>>> Thank you, Dustin! :-)
>>>
>>>
>>
>> for?
>>
>>
>
> Accepting that you were wrong on this occasion.

He wasn't. He was using the older terminology correctly. Like "SysOp" and
"coder" he was using terminology that he knows, in the correct way, while
others were misunderstanding him due to newer terminology usurping the
older.

Cross-Site Scripting was being discussed around 1990 or so, and the CSS-1
specification (Cascading Style Sheets) was being drafted around 1997 and
was almost fully implemented in browsers by the time Windows 2000 came out.
CSS came to mean Cascading Style Sheets by website "coders" and "SysOps"
everywhere. The security folks have now adopted XSS as the new terminology.

BTW, that *was* the last millennium. D

[~BD~]

FromTheRafters wrote:
> "~BD~"<~BD~@nomail.afraid.org> wrote in message
> news:j6jfm5$cbc$1@dont-email.me...
>> Dustin wrote:
>>> ~BD~<~BD~@nomail.afraid.org> wrote in
>>> news:j6h3cj$m4d$2@dont-email.me:
>>>
>>>> Dustin wrote:

[....]

>>>>> My bad my bad.
>>>>
>>>> Thank you, Dustin! :-)
>>>>
>>>>
>>>
>>> for?
>>>
>>>
>>
>> Accepting that you were wrong on this occasion.
>
> He wasn't. He was using the older terminology correctly. Like "SysOp" and
> "coder" he was using terminology that he knows, in the correct way, while
> others were misunderstanding him due to newer terminology usurping the
> older.
>
> Cross-Site Scripting was being discussed around 1990 or so, and the CSS-1
> specification (Cascading Style Sheets) was being drafted around 1997 and
> was almost fully implemented in browsers by the time Windows 2000 came out.
> CSS came to mean Cascading Style Sheets by website "coders" and "SysOps"
> everywhere. The security folks have now adopted XSS as the new terminology.
>
> BTW, that *was* the last millennium. D


Hahaha! You are getting old, FTR! ;-)

Things change, that's for sure!

[Peter Foldes]

"~BD~" <~BD~@nomail.afraid.org> wrote in message news:j6k5dh$2jc$1@dont-email.me...

> Hahaha! You are getting old, FTR! ;-)
>
> Things change, that's for sure!



There is one thing that never changes. Stagnant and always the same. Let us see how
smart you are BD. Tell me what that is

JS

[Jenn]

FromTheRafters wrote:
> "~BD~" <~BD~@nomail.afraid.org> wrote in message
> news:j6jfm5$cbc$1@dont-email.me...
>> Dustin wrote:
>>> ~BD~<~BD~@nomail.afraid.org> wrote in
>>> news:j6h3cj$m4d$2@dont-email.me:
>>>
>>>> Dustin wrote:
>>>>> FromTheRafters<erratic@nomail.afraid.org> wrote in
>>>>> news:j65csr$e9e$1@dont-email.me:
>>>>>
>>>>>> Beauregard T. Shagnasty wrote:
>>>>>>> FromTheRafters wrote:
>>>>>>>
>>>>>>>> "Beauregard T. Shagnasty" wrote:
>>>>>>>>> Dustin wrote:
>>>>>>>>>> That's not a cookie issue. It's an OLD vulnerability I think?
>>>>>>>>>> in the css. Any website can ask your browser for a dump of
>>>>>>>>>> it's entire history.
>>>>>>>>>
>>>>>>>>> It *is* the cookies. CSS is benign text that controls the
>>>>>>>>> display of the page you are viewing. It can't do anything at
>>>>>>>>> all to track you.
>>>>>>>>
>>>>>>>> Yes, Dustin may be using an older no longer used abbreviation
>>>>>>>> for Cross Site Scripting (CSS) which now means Cascading Style
>>>>>>>> Sheets.
>>>>>>>>
>>>>>>>> Cross Site Scripting is XSS now.
>>>>>>>
>>>>>>> Okay. CSS has been Cascading Style Sheets since .. somewhere
>>>>>>> into the last millennium<g>.
>>>>>>>
>>>>>> Even though there is no confusion over CSRF/XSRF like there was
>>>>>> over CSS/XSS, XSRF is often used anyway apparently in keeping
>>>>>> with XSS and XMAS. )
>>>>>>
>>>>>
>>>>> My bad my bad.
>>>>
>>>> Thank you, Dustin! :-)
>>>>
>>>>
>>>
>>> for?
>>>
>>>
>>
>> Accepting that you were wrong on this occasion.
>
> He wasn't. He was using the older terminology correctly. Like "SysOp"
> and "coder" he was using terminology that he knows, in the correct
> way, while others were misunderstanding him due to newer terminology
> usurping the older.
>
> Cross-Site Scripting was being discussed around 1990 or so, and the
> CSS-1 specification (Cascading Style Sheets) was being drafted around
> 1997 and was almost fully implemented in browsers by the time Windows
> 2000 came out. CSS came to mean Cascading Style Sheets by website
> "coders" and "SysOps" everywhere. The security folks have now adopted
> XSS as the new terminology.
> BTW, that *was* the last millennium. D

It's nice that you have come around to my way of thinking. :-) {{you have
been assimilated}}

--
Jenn

[~BD~]

Peter Foldes wrote:
> "~BD~" <~BD~@nomail.afraid.org> wrote in message
> news:j6k5dh$2jc$1@dont-email.me...
>
>> Hahaha! You are getting old, FTR! ;-)
>>
>> Things change, that's for sure!
>
>
>
> There is one thing that never changes. Stagnant and always the same. Let
> us see how smart you are BD. Tell me what that is

God's love for us.