css block results

Discussion in 'other security issues & news' started by snowman, Apr 9, 2002.

Thread Status:
Not open for further replies.
  1. snowman

    snowman Guest

            the following message is being displayed on an on/off basis when I connect and my homepage dl's




          Why does this page look like this?  This page has been designed to work best with current browsers.  If you're seeing this message, you either have an older browser, or you have disabled CSS (Cascading Style Sheets) support in your browser.  You can continue using this browser, but you won't experience MSN at it's best.  Your experience may suffer, and the reliability and security of your information cannot be guaranteed



             my browser is current enough...but yes I have entered a block for css........I seem to recall that cascading style sheets can be exploited in some form or another...........I don't have the info on this at this time so can post more on that.

           the block actually resulted after I noticed that I had two connections to <msn> whenever connecting.....
    ..the first block I made resulted in a white page displaying a redirect being blocked......and the page went nowhere.....and I just moved on....

           then I noticed something else....when viewing files in internet explorer........an ASHX file...ok, so what's an ASHX file??    so I blocked the <msn> site it came from...and now the above display is resulting....and I have only one connection to <msn> on connecting.....but I stress that this is not consistent.......the blocks are there but the results are now always the same.

          so, is this a <msn> call-home..........?


          for anyone interested the block was set on:

     (<wwx.msn.com/styles/css-site3>)      

           the redirect that also has been blocked is:

        (((((<link rel="stylesheet" type=yext/css>))))

            the < at the beginning actually belongs there


            I've no idea what I am blocking here...but it seems to upset M$ so I like it........
     
  2. snowman

    snowman Guest

           CAUTION:

            one of the posted links above is live/active....I thought when posting that it would not be "live" but it is.

            I clicked on the link...nothing appeared...but my CPU says something went on.....careful here folks.....sorry for this mishap
     
  3. FanJ

    FanJ Guest

    Hi snowman,

    the only thing I get there is this:

    But I'm using NIS-ad-blocking-feature, IE-SPYAD, HOSTS, IEClean.
    Anyway, thanks for it, I just now blocked c.msn.com in HOSTS (long time ago I already did block c.microsoft.com ).
     
  4. snowman

    snowman Guest

           FanJ

           thank you for checking into that link....I always worry about active links.


           just blocking the <c.msn> did not completely work in my case......the entire url as posted above had to be blocked.....the first block I made was the same as the one you made......it still got through......the ASHX file still would show up again......

          hmmmmmm....when I click that link nothing shows....whatever page that's open at the time remains the same.
     
  5. snowman

    snowman Guest

          http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=discussion&id=4411




            the topic of this thread has now been discovered to be an exploit.........(hack)
     
  6. snowman

    snowman Guest

              nice to see that this exploit has been discovered.......


              so,,,,has M$ been/is using this means to profile users.?   no accusation....food for thought.

              since placing the blocks I have not experienced this problem again......


           Paul and/or Mods


                seeing that this has been discovered....perhaps it would be a good idea to delete the active link to MS posted above.........your call guys.
     
  7. Paul Wilders

    Paul Wilders Administrator

    snowman,

    Not deleted, but made into an inactive link (wwx). Thus, anyone who feels the need to visit the URL, can do so by altering the URL. Best of both worlds - I hope!

    regards.

    paul
     
  8. FanJ

    FanJ Guest

    http://online.securityfocus.com/archive/1/265427

     
  9. snowman

    snowman Guest

             Paul

             thanking you kindly.........definitely I have managed "somehow" to block the exploit entirely at this particular time...will continue monitoring..




          SPECIAL NOTE

           disabling activeX  does not stop this exploit.
           activeX has not been enabled on my computer for a
           very long time......no zones have activeX enabled.

           and yet obviously this exploit was able to load on
           to my computer.     if disabling activeX was the
           solution...as stated by M$.....this exploit would
           not have loaded onto my os.


            this is posted as a precaution......other comments/
            opinions welcomed.


                             snowman


         
     
  10. snowman

    snowman Guest

            am I misunderstanding something here......M$ is investigating this.......huh........css is needed/essential for the M$ homepage to load properly (as M$ would want/have it load)

          right now my homepage contains black letters/white background.........with css blocked.
     