Jondos claims that they has uncovered a new attack on web browsers: "The JonDoFox research team has uncovered a new attack on web browsers: Affected are the web browsers Firefox, Chrome and Safari. By a hidden call over of a URL with HTTP authentication data, third party sites could track a user over several web sites, even if the user blocks all cookies and other tracking procedures. For doing this, it is sufficient to include a simple CSS file: <link rel="stylesheet" type="text/css" "http://Session:[email protected]/auth.css.php";>
You will find a demonstration of this technique on the web site ip- check.info. JonDoFox now contains an integrated protection against this attack. Third party sites may now no longer receive HTTP authentication data from the browser" Here's the info on their blog: http://anonymous-proxy-servers.net/blog/index.php?/archives/299- JonDoFox-2.5.3-Provides-protection-against-new-HTTP-authorization- attack.html&user_language=en They add this "Authentication" feature to their anonymity test at http://ip-check.info. Of course it shows red(danger)for Tor Browser Bundle. Is it true danger or it's just a part of their advertising campaign? _______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
