Back from a very long four weeks of nearly constant travel. SecTor was great, and definitely one of those high-quality cons I’ll be returning to. I was really impressed. But anyway, I ran across an interesting thread today as I was perusing my logs. Users have been getting banned for using certain trackers if they are seen to have come from certain sites. This is the first time I have seen the CSS history hack actually used in a production environment.
We’ve often talked about the implications of using the CSS history hack for tracking purposes, but this is another take: banning users. It will be interesting to see how this evolves over time. The other interesting implication here is that CSRF DoS is an amusing way to abuse the trust in a client-side script. I wonder if the trackers are smart enough to whitelist their own IPs from that script!