[_] Direct scripting with CSS alone
Richard Davey
rich at corephp.co.uk
Wed Sep 5 13:50:30 BST 2007
Hi Chris,

Wednesday, September 5, 2007, 1:18:25 PM, you wrote:

> Really, there's not so much going on here besides some clever use of
> the :visited pseudo-class, a single Gecko-only property and a few
> HTTP requests. With the exception of the Gecko-only property, most of
> this has been possible from Netscape 4.x forward.

When I said tip of the iceberg I meant in respect to what the author
has released so far.

> And the 'CSS Attacks' page <http://www.businessinfo.co.uk/labs/
> css_attacks/css_scripting.php> is utter rubbish. It's just using

Not his blog. Try this:

http://www.thespanner.co.uk/2007/08/31/csk-demo/

I especially like the work he put into hacking the PHPIDS system
(which is a fantastic system btw, made all the stronger thanks to
his work), his Safari zero day exploits, and his WordPress lockdown
scripts. If he says there is more to come re: CSK, then I believe it.

Cheers,

Rich
--
Zend Certified Engineer
http://www.corephp.co.uk

"Never trust a computer you can't throw out of a window"