Top 10 Web hacking techniques of 2010

From http://www.networkworld.com/news/2011/012411-top-web-hacking-techniques.html?page=1:

Full lists (including top 10 and many more) for each of past 5 years:
hxxp://jeremiahgrossman.blogspot.com/2011/01/top-ten-web-hacking-techniques-of-2010.html
hxxp://jeremiahgrossman.blogspot.com/2010/01/top-ten-web-hacking-techniques-of-2009.html
hxxp://jeremiahgrossman.blogspot.com/2009/02/top-ten-web-hacking-techniques-of-2008.html
hxxp://jeremiahgrossman.blogspot.com/2008/01/top-ten-web-hacks-of-2007-official.html
hxxp://jeremiahgrossman.blogspot.com/2006/12/top-10-web-hacks-of-2006.html

 

@ MrBrian

Thanks for posting

Don't have it so

Tested it before and was

Disabled so

Always close FF before logging in anywhere critical and launch a new instance to go. Also immediately close FF straight afterwards & relaunch to move on. Plus FF is set to delete everything on close so

NoScript should take care of CJ at least so "maybe"

Don't use it so

Something would have to get in first to do that so

No Java so

Not sure about this ? Tried to test from the link, but couldn't see it ?

No Java so

Anyway, i "believe" i'm doing pretty good, unless someone knows better

EDIT - Tidy up & a bit more info

 

Interesting article, thanks.

 

& CloneRanger: you're welcome .

CloneRanger's analysis is an example of why I posted this in the first place: know what's out there so that one can try to protect one's self.

 

Thanks MrBrian for informative read

 

CloneRanger, you can make your Firefox immune to the CSS History Hack by going to about:config and setting layout.css.visited_links_enabled to false. This will disable giving visited links a different color and so the attacker cannot determine which links you've visited anymore.

 

@ BoerenkoolMetWorst

Thanks for replying with the Very useful tip I checked and already had it set like that



So i must have done it sometime earlier, but forgot Better to be reminded though, just in case and others can now also follow your good advice too