css block results

        the following message if being didplayed on a on/off basis when I connect an my homepage dl's




      Why does this page look like this?  This page has been designed to work best with current browsers.  If you're seeing this message, you either have an older browser, or you have disabled CSS (Cascading Style Sheets) support in your browser.  You can continue using this browser, but you won't experience MSN at it's best.  Your experience may suffer, and the reliability and security of your information cannot be guaranteed



         my browser is current enough...but yes I have entered a block for css........I seem to recall that cascading style sheets can be exploited in some form or another...........I don't have the info on this at this time so can post more on that.

       the block actually resulted after I noticed that I had two connection to <msn> whenever connecting.....
..the the first block I made result in a white page displaying a redirect being blocked......an the page went no where.....an I just moved on....

       then I noticed something else....when viewing files in internet explorer........an ASHX file...ok, so whats a ASHX file??    so I blocked the <msn> site it came from...an now the above display if resulting....an I have only one connection to <msn> on connecting.....but I stress that this is not consistent.......the blocks are there but the results are now always the same.

      so, is this a <msn> call-home..........?


      for anyone interested the block was set on:

 (<wwx.msn.com/styles/css-site3>)      

       the redirect that also has been blocked is:

    (((((<link rel="stylesheet" type=yext/css>))))

        the < at the beginning actually belongs there


        I've no idea whats I am blocking here...but it seem to upset M$ so I like it........

 

       CAUTION:

        one of the posted links above is live/active....I thought when posting that it would not be "live" but it is.

        I clicled on the like...nothing appear...but my CPU says something went on.....careful here folks.....sorry for this mishap

 

Hi snowman,

the only thing I get there is this:

But I'm using NIS-ad-blocking-feature, IE-SPYAD, HOSTS, IEClean.
Anyway, thanks for it, I just now blocked c.msn.com in HOSTS (long time ago I already did block c.microsoft.com ).

 

       FanJ

       thank you for checking into to that link....I always worry about active links.


       just blocking the <c.msn> did not complete work in my case......the entire url as posted above had to be blocked.....the first block I made was the same as the one you made......it still got through......the ASHX file still would show up again......

      hmmmmmm....when I click that link nothing shows....whatever page thats open at the time remains the same.

 

      http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=discussion&id=4411




        the topic of this thread has now been discovered to be an exploit.........(hack)

 

          nice to see that this exploit has been discovered.......


          so,,,,has M$ been/is using this means to to profile users.?   no accusation....food for thought.

          since placing the blocks I have not expereinced this problem again......


       Paul and/or Mods


            seing that this has been discovered....perhaps it would be a good idea to delete the active link to MS posted above.........your call guys.

 

http://online.securityfocus.com/archive/1/265427

 

         Paul

         thanking you kindly.........defintely I have managed "somehow" to block the exploit entirely at this particular time...will contiue monitoring..




      SPECIAL NOTE

       disabling activeX  does not stop this exploit.
       activeX has not been enabled on my computer for a
       very long time......no zones have activeX enabled.

       an yet obviously this exploit was able to load on
       to my computer.     if disabling activeX was the
       solution...as stated by M$.....this exploit would
       not have loaded onto my os.


        this is posted as a pre-caution......other comments/
        opinions welcomed.


                         snowman


     

 

        am I mis-understanding something here......M$ is investigating this.......huh........css is needed/essential for the M$ homepage to load properly (as M$ would want/have it load)

      right now my homepage contains black letters/white background.........with css blocked.