Spying on your visitors

Jeremiah Grossman demonstrates an issue with CSS and visited links that lets a site check which sites you visited before theirs.

The issue/bug/vulnerability isn’t new: as the comments explain, it was first discovered in 2002 and is well documented here at the seclist.org site.

CSS has a feature that can be abused to exactly the same ends. It is simpler, more accurate, and more easily abused than the timing attacks described in the above paper.

There is a demonstration of how it works here, in addition to the Grossman post:
https://www.indiana.edu/~phishing/browser-recon/

It seems variations enable this hack on IE, Firefox, Opera and Mozilla unless there are plug-ins that block the browser from comparing against its history function…
