473,698 Members | 2,668 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Cascading Style Sheet is an Extreme Hazard

Cascading Style Sheet [.css] is an extreme hazard to your privacy. It
allows others on the internet to see your monitor and files. It allows
them to copy images on your monitor to their computers. It also allows
them to copy files from your computer to their's. It is dangerous.
Avoid at all costs.

CSS that isn't stored in the victim's computer. Instead it is stored in
the perpetrator's PC. What it does is it reads everything on the
victim's screen and checks on the victim's visited webpages and can
even read text from any text or word application being used by the
victim. CSS is not a security risk and does not trick the victim's PC
into sending info to the perp. However, this is an extreme invasion of
the victim's privacy. The victim has no idea, that he/she is being
violated. The assailant can read text, and see any pictures that happen
to be on the victim's monitor without actually accessing the victim's
computer.

Your computer may not be at all damaged or touched. However, your
confidential information can easily be read by the attacker and anyone
the attacker gives it to. You don't have to download anything, visit
any website, or even use a browser to be attacked. You just need to be
connected to the internet and the attacker can strike you.

Once again, the victim's PC does not store any part of CSS. All info
and software is stored in the assailant's PC.

May 1 '06 #1
9 2026
Radium wrote:
Cascading Style Sheet [.css] is an extreme hazard to your privacy. It
allows others on the internet to see your monitor and files. It allows
them to copy images on your monitor to their computers. It also allows
them to copy files from your computer to their's. It is dangerous.
Avoid at all costs.

CSS that isn't stored in the victim's computer. Instead it is stored in
the perpetrator's PC. What it does is it reads everything on the
victim's screen and checks on the victim's visited webpages and can
even read text from any text or word application being used by the
victim. CSS is not a security risk and does not trick the victim's PC
into sending info to the perp. However, this is an extreme invasion of
the victim's privacy. The victim has no idea, that he/she is being
violated. The assailant can read text, and see any pictures that happen
to be on the victim's monitor without actually accessing the victim's
computer.

Your computer may not be at all damaged or touched. However, your
confidential information can easily be read by the attacker and anyone
the attacker gives it to. You don't have to download anything, visit
any website, or even use a browser to be attacked. You just need to be
connected to the internet and the attacker can strike you.

Once again, the victim's PC does not store any part of CSS. All info
and software is stored in the assailant's PC.


To see how utterly WRONG Radium's comments are, please visit
http://www.w3.org/Style/CSS/

The whole point of style sheets is to format text and images on the
client screen. They are very effective for setting type faces and
backgrounds for things like navigation bars over an entire web site. The
only data transmitted back to the web server is requests for the HTML
page, requests for the external style sheets and requests for any images
either requests.

At the worst, a site would be able to use styles with a background image
to track visitors, which could also be accomplished with a regular HTML
image tag. Do a Google search for "Web Bug".

Style sheets can be on the client computer in the form of embedded and
in-line styles that are visible in the page's HTML source. External
style sheets are copied to the client's temporary Internet folder. Just
set you OS's search function to show hidden and system files names "*.css".

It's possible Radium is thinking of CGI (Common Gateway Interface see
http://www.w3.org/CGI/) Visual Basic scripts or ActiveX controls. In
addition to style sheets these technologies are commonly used on web
sites. Many functions like on-line maps and web based email wouldn't be
possible without one, and in some cases two of these technologies,
mostly CGI and style sheets. Java and JavaScript are often used as well,
but have tighter access restrictions than the ActiveX controls.
May 1 '06 #2
In comp.infosystem s.www.authoring.stylesheets Radium <gl*******@exci te.com> wrote:

| Cascading Style Sheet [.css] is an extreme hazard to your privacy. It
| allows others on the internet to see your monitor and files. It allows
| them to copy images on your monitor to their computers. It also allows
| them to copy files from your computer to their's. It is dangerous.
| Avoid at all costs.
|
| CSS that isn't stored in the victim's computer. Instead it is stored in
| the perpetrator's PC. What it does is it reads everything on the
| victim's screen and checks on the victim's visited webpages and can
| even read text from any text or word application being used by the
| victim. CSS is not a security risk and does not trick the victim's PC
| into sending info to the perp. However, this is an extreme invasion of
| the victim's privacy. The victim has no idea, that he/she is being
| violated. The assailant can read text, and see any pictures that happen
| to be on the victim's monitor without actually accessing the victim's
| computer.
|
| Your computer may not be at all damaged or touched. However, your
| confidential information can easily be read by the attacker and anyone
| the attacker gives it to. You don't have to download anything, visit
| any website, or even use a browser to be attacked. You just need to be
| connected to the internet and the attacker can strike you.
|
| Once again, the victim's PC does not store any part of CSS. All info
| and software is stored in the assailant's PC.

You forgot about the fact that it can listen to every word spoken in your
house right through the speakers, even when the computer is turned off.
And it can make the web cam look around corners, even two at once. But
the feature teens love most is it allows cyber sex using just a mouse even
when they are not online through their MySpace page.

:-P

--
-----------------------------------------------------------------------------
| Phil Howard KA9WGN | http://linuxhomepage.com/ http://ham.org/ |
| (first name) at ipal.net | http://phil.ipal.org/ http://ka9wgn.ham.org/ |
-----------------------------------------------------------------------------
May 1 '06 #3
ph************* *@ipal.net schrieb:

You forgot about the fact that it can listen to every word spoken in your
house right through the speakers, even when the computer is turned off.
And it can make the web cam look around corners, even two at once. But
the feature teens love most is it allows cyber sex using just a mouse even
when they are not online through their MySpace page.

:-P

Now you just beat me to that type of answer - I just love it.
May 1 '06 #4
"RobertVA" <ro************ *****@invalid.c om> wrote in message
news:OL******** ******@TK2MSFTN GP04.phx.gbl...
Radium wrote:
Cascading Style Sheet [.css] is an extreme hazard to your privacy. It
allows others on the internet to see your monitor and files. [SNIP]


To see how utterly WRONG Radium's comments are, please visit
http://www.w3.org/Style/CSS/

The whole point of style sheets is to format text and images on the client
screen. They are very effective for setting type faces and backgrounds for
things like navigation bars over an entire web site. The only data
transmitted back to the web server is requests for the HTML page, requests
for the external style sheets and requests for any images either requests.

At the worst, a site would be able to use styles with a background image
to track visitors, which could also be accomplished with a regular HTML
image tag. Do a Google search for "Web Bug".

Style sheets can be on the client computer in the form of embedded and
in-line styles that are visible in the page's HTML source. External style
sheets are copied to the client's temporary Internet folder. Just set you
OS's search function to show hidden and system files names "*.css".

It's possible Radium is thinking of CGI (Common Gateway Interface see
http://www.w3.org/CGI/) Visual Basic scripts or ActiveX controls. In
addition to style sheets these technologies are commonly used on web
sites. Many functions like on-line maps and web based email wouldn't be
possible without one, and in some cases two of these technologies, mostly
CGI and style sheets. Java and JavaScript are often used as well, but have
tighter access restrictions than the ActiveX controls.


Your reasoning, it seems to me, is based on the *normal* way stylesheets
work. Hackers exploit abnormal (pathological) behavior.

Aren't you overlooking the possibility that browsers have bugs in them (god
knows browsers seem to have tons of bugs) that involve style sheets, and
that there might indeed be, for example, buffer overflow bugs in browsers,
such that a particular style sheet *does* enable a website to screw around
with the user's computer?

I've never heard of such a bug, but we see this sort of thing all the time
in other software.

-Dana
May 1 '06 #5
Radium wrote:
Cascading Style Sheet [.css] is an extreme hazard to your privacy. It
allows others on the internet to see your monitor and files. It allows
them to copy images on your monitor to their computers. It also allows
them to copy files from your computer to their's. It is dangerous.
Avoid at all costs.


CSS doesn't *do* anything. Are you thinking of Javascript?

As far as reading the text and pictures on your monitor is concerned--if
you're running a web server, your server *already* knows what text and
images its sending to clients--how would it serve them otherwise? What
would be the point of sending CSS or Javascript afterwards to read what
it had just gotten through sending?
May 1 '06 #6
In comp.infosystem s.www.authoring.stylesheets Harlan Messinger <hm************ *******@comcast .net> wrote:

| Radium wrote:
|> Cascading Style Sheet [.css] is an extreme hazard to your privacy. It
|> allows others on the internet to see your monitor and files. It allows
|> them to copy images on your monitor to their computers. It also allows
|> them to copy files from your computer to their's. It is dangerous.
|> Avoid at all costs.
|
| CSS doesn't *do* anything. Are you thinking of Javascript?
|
| As far as reading the text and pictures on your monitor is concerned--if
| you're running a web server, your server *already* knows what text and
| images its sending to clients--how would it serve them otherwise? What
| would be the point of sending CSS or Javascript afterwards to read what
| it had just gotten through sending?

However, badly implemented CSS (i.e. IE) can allow someone to bypass some
javascript filters, and get javascript to run, even though no exact string
of "javascript " was being uploaded. E.g. the guy on MySpace with over a
million friends.

--
-----------------------------------------------------------------------------
| Phil Howard KA9WGN | http://linuxhomepage.com/ http://ham.org/ |
| (first name) at ipal.net | http://phil.ipal.org/ http://ka9wgn.ham.org/ |
-----------------------------------------------------------------------------
May 1 '06 #7
Dana Cartwright wrote:
"RobertVA" <ro************ *****@invalid.c om> wrote in message
news:OL******** ******@TK2MSFTN GP04.phx.gbl...
Radium wrote:
Cascading Style Sheet [.css] is an extreme hazard to your privacy. It
allows others on the internet to see your monitor and files. [SNIP]

To see how utterly WRONG Radium's comments are, please visit
http://www.w3.org/Style/CSS/

The whole point of style sheets is to format text and images on the client
screen. They are very effective for setting type faces and backgrounds for
things like navigation bars over an entire web site. The only data
transmitted back to the web server is requests for the HTML page, requests
for the external style sheets and requests for any images either requests.

At the worst, a site would be able to use styles with a background image
to track visitors, which could also be accomplished with a regular HTML
image tag. Do a Google search for "Web Bug".

Style sheets can be on the client computer in the form of embedded and
in-line styles that are visible in the page's HTML source. External style
sheets are copied to the client's temporary Internet folder. Just set you
OS's search function to show hidden and system files names "*.css".

It's possible Radium is thinking of CGI (Common Gateway Interface see
http://www.w3.org/CGI/) Visual Basic scripts or ActiveX controls. In
addition to style sheets these technologies are commonly used on web
sites. Many functions like on-line maps and web based email wouldn't be
possible without one, and in some cases two of these technologies, mostly
CGI and style sheets. Java and JavaScript are often used as well, but have
tighter access restrictions than the ActiveX controls.


Your reasoning, it seems to me, is based on the *normal* way stylesheets
work. Hackers exploit abnormal (pathological) behavior.

Aren't you overlooking the possibility that browsers have bugs in them (god
knows browsers seem to have tons of bugs) that involve style sheets, and
that there might indeed be, for example, buffer overflow bugs in browsers,
such that a particular style sheet *does* enable a website to screw around
with the user's computer?

I've never heard of such a bug, but we see this sort of thing all the time
in other software.

-Dana


Gee, if you're that worried you shouldn't be on-line AT ALL.
May 1 '06 #8
ph************* *@ipal.net wrote:
In comp.infosystem s.www.authoring.stylesheets Harlan Messinger <hm************ *******@comcast .net> wrote:

| Radium wrote:
|> Cascading Style Sheet [.css] is an extreme hazard to your privacy. It
|> allows others on the internet to see your monitor and files. It allows
|> them to copy images on your monitor to their computers. It also allows
|> them to copy files from your computer to their's. It is dangerous.
|> Avoid at all costs.
|
| CSS doesn't *do* anything. Are you thinking of Javascript?
|
| As far as reading the text and pictures on your monitor is concerned--if
| you're running a web server, your server *already* knows what text and
| images its sending to clients--how would it serve them otherwise? What
| would be the point of sending CSS or Javascript afterwards to read what
| it had just gotten through sending?

However, badly implemented CSS (i.e. IE) can allow someone to bypass some
javascript filters, and get javascript to run, even though no exact string
of "javascript " was being uploaded. E.g. the guy on MySpace with over a
million friends.


It still has nothing to do with CSS proper. It has to do with IE
recognizing Javascript *behaviors* embedded in CSS files. If sites like
MySpace aren't filtering those scripts, it's the same kind of problem
that there'd be if they didn't filter out SCRIPT tags. Yes, it's a
problem, but it isn't CSS that's the hazard.
May 1 '06 #9
In comp.infosystem s.www.authoring.stylesheets Harlan Messinger <hm************ *******@comcast .net> wrote:
| ph************* *@ipal.net wrote:
|> In comp.infosystem s.www.authoring.stylesheets Harlan Messinger <hm************ *******@comcast .net> wrote:
|>
|> | Radium wrote:
|> |> Cascading Style Sheet [.css] is an extreme hazard to your privacy. It
|> |> allows others on the internet to see your monitor and files. It allows
|> |> them to copy images on your monitor to their computers. It also allows
|> |> them to copy files from your computer to their's. It is dangerous.
|> |> Avoid at all costs.
|> |
|> | CSS doesn't *do* anything. Are you thinking of Javascript?
|> |
|> | As far as reading the text and pictures on your monitor is concerned--if
|> | you're running a web server, your server *already* knows what text and
|> | images its sending to clients--how would it serve them otherwise? What
|> | would be the point of sending CSS or Javascript afterwards to read what
|> | it had just gotten through sending?
|>
|> However, badly implemented CSS (i.e. IE) can allow someone to bypass some
|> javascript filters, and get javascript to run, even though no exact string
|> of "javascript " was being uploaded. E.g. the guy on MySpace with over a
|> million friends.
|
| It still has nothing to do with CSS proper. It has to do with IE
| recognizing Javascript *behaviors* embedded in CSS files. If sites like
| MySpace aren't filtering those scripts, it's the same kind of problem
| that there'd be if they didn't filter out SCRIPT tags. Yes, it's a
| problem, but it isn't CSS that's the hazard.

Nevertheless, it's still a hazard that the OP sees as curable by not using
CSS. He's misguided, of course, because this only applies to sites where
users can submit site designs that are not 100% vetted for every possible
browser screwup. It doesn't apply when the webmaster has full control,
unless we're talking about the evil webmaster from hell.

--
-----------------------------------------------------------------------------
| Phil Howard KA9WGN | http://linuxhomepage.com/ http://ham.org/ |
| (first name) at ipal.net | http://phil.ipal.org/ http://ka9wgn.ham.org/ |
-----------------------------------------------------------------------------
May 2 '06 #10

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

10
1454
by: Radium | last post by:
Cascading Style Sheet is hazardous to your privacy. It allows others on the internet to see your monitor and files. It allows them to copy images on your monitor to their computers. It also allows them to copy files from your computer to their's. It is dangerous. Avoid at all costs. CSS that isn't stored in the victim's computer. Instead it is stored in the perpetrator's PC. What it does is it reads everything on the victim's screen...
5
1573
by: Radium | last post by:
Cascading Style Sheet is such a hazard to your privacy. It allows others on the internet to see your monitor and files. It allows them to copy images on your monitor to their computers. It also allows them to copy files from your computer to their computers. It is dangerous. Avoid at all costs. CSS isn't stored in the victim's computer. Instead it is stored in the perpetrator's computer. What it does is it reads everything on the...
7
1811
by: Green Xenon [Radium] | last post by:
Cascading Style Sheet is such a hazard to your privacy. It allows others on the internet to see your monitor and files. It allows them to copy images on your monitor to their computers. It also allows them to copy files from your computer to their computers. It is dangerous. Avoid at all costs. CSS isn't stored in the victim's computer. Instead it is stored in the perpetrator's computer. What it does is it reads everything on the...
0
8603
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
9023
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
1
8893
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
8861
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
0
5860
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
4366
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
0
4615
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
2
2327
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
3
1999
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.