Start panicking, got this link!

[polonus]

Hi malware fighters,

Got this link from NoScript's Giorgio Maone: http://startpanic.com/
What obfuscated script can do, well like to hear your comments?

polonus

[DavidR]

No problem here, Firefox and NoScript

Seriously I don't waste much time worrying about any of this stuff, there is little point.

Ensure you have a robust back-up and recovery strategy (plus a few pro-active measures) and you can laugh in the face of adversity

If you fail to plan, then you plan to fail.
If you have a back-up and recovery plan, you can recover from anything in minutes, not hours or days.

[CharleyO]

***

Interesting ... I've been to hundreds of sites in the last few days yet the list only had 5; one of which was startpanic. Of the 4 others, 2 of them I had not been to in more than a week.

OK ... so, those 4 sites I need to be more careful with and I need to check the source codes.


***

[polonus]

Well, if you visit this site in GoogleChrome, you easily can get up to 40 sites visited, in Fx with NoScript none,

pol

[DavidR]

I enabled the site to see what it gathered (previously zero), same here only show the last 5 (different domains), which I presume is the intention or the scan could take ages, it took some time just to gather that.

I don't believe it has nothing to do with the sites you visit, but your browser storing browser history. Firefox also has the infamous Amazing address bar, that tries to save you having to type all the URL but to give predictive options based on sites you have visited (presumably from your bookmarks). This information, I dare say could also along with browser history be retrieved, personally I don't give a stuff who knows where I have been

[polonus]

Hi DavidR,

Well NoScript can protect partially against this POC fully when performed with javascript and there is also a slower version via a CSS hack where one need not use javascript, but the real true protection against this is SafeHistory or StartPrivateBrowsing, so Ctrl + Shft + P that I have inside Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b5pre) Gecko/20090508 Shiretoko/3.5b5pre ID:20090508043756
So one can imagine how secure some online proxies were (they were not),
In Mozilla this is at the crux of it:
http://doxygen.db48x.net/mozilla-full/html/d5/dc9/interfacensIContentViewer.html
But they are already working on a patch - and there is the above mentioned solution for users of Fx,

polonus

[John2009]

Im confused, what does this do?

[DavidR]

IMHO, nothing to start panicking about

Whilst this example is about privacy, it is possible to do more than simply see what a users browsing habits are.

So measures to protect you from harm are more important than any privacy concerns.

[lee16]

Although i agree everyone should have security on there PC (and a backup) there is such a thing as to much security (it simply bloats up and slows the PC).
FUD sites create money, simple as that.

--lee

[Dwarden]

i rofled when i checked with IE8 ... it obviously shows all sites in like last 1-3 days history

[drhayden1]

nothing to start panicking about

Never have-just practice safe browsing habits and such
Firefox 3.0.10 showed 7 sites

[Marc57]

With IE8 on Windows 7 with InPrivate filtering on by default- 4

With InPrivate browsing-0

[.: Mac :.]

Firefox 3.0.10 showed 4 sites. Safari 4.0 beta crashed within 15 seconds.