lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20040721205601.76190.qmail@web21407.mail.yahoo.com>
From: greyhatthe2nd at yahoo.com (John Dowling)
Subject: A Popup! In Mozilla!

I disagree.

Initially, the image used in that popup actually comes
from a different server, but that's trivial.  What I
see as a bigger issue is that blocking the image from
the server leaves the user with an empty div block
covering the page, and blocking the site serving the
div content could essentially render the div
'uncloseable'.  Of course, this is more along the
lines of browseability, and does not seem to have any
very obvious security implications above and beyond
what can be served via a page without the annoying
<div>.

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On
Behalf Of Charles Richmond
Sent: Wednesday, July 21, 2004 7:48 AM
To: Dave King
Cc: Full Disclosure; James Woodcock
Subject: Re: [Full-Disclosure] A Popup! In Mozilla!

Add the following to adblock

	http://2-spyware.com/images/*

On Jul 21, 2004, at 1:44 AM, Dave King wrote:

> This isn't a normal "popup" in that it doesn't open
a new browser 
> window.  All they're doing is placing this great
animated gif  over 
> the middle of the page using absolute positioning in
the DIV tag.  
> Notice that it looks like an IE window even in
Firefox.  Really this 
> is a sneaky trick that is pretty annoying.  I think
this type of ad 
> placement is going to be hard to block since most of
the time absolute 
> positioning images is just part of the normal page
and has nothing to 
> do with ads, even though I guess at one time pop-ups
were used 
> legitimately almost exclusively.  At least this page
seems to be 
> thoughtful enough to only display the ad the first
time you visit it.  
> Tricky little devils aren't they (and getting
trickier all the time).
>

                                                  
Charles Richmond

       Implemented Integrated Systems Corporation 
http://www.iisc.com
     O/S, I18N, Systems Development, Process and
Integration Providers
     cmr@...c.com   cmr@....org   YIM:cmriisc 
http://www.iisc.com/cmr
            7B West St., Somerville, Ma. USA 02144 
(781) 389 9777

_______________________________________________
Full-Disclosure - We believe in it.
Charter:
http://lists.netsys.com/full-disclosure-charter.html



		
__________________________________
Do you Yahoo!?
Yahoo! Mail - Helps protect you from nasty viruses.
http://promotions.yahoo.com/new_mail

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ