« WebWag : your personal page
The spying CD »

Spying on your visitors

Published 2 years ago in Code and Web. Tags: , , , , .

Jeremiah Grossman demonstrates an issue with CSS and visited links which allows sites to verify the sites you have visited prior to theirs.

The issue/bug/vulnerability isn’t new, as comments explain, it was first discovered in 2002 and is well documented here at the seclist.org site.

CSS has a feature that can be abused to exactly the same ends. It is simpler, more accurate, and more easily abused than the timing attacks described in the above paper.

There is a demonstration here of how it works, on top of the Grossman post :
https://www.indiana.edu/~phishing/browser-recon/

It seems variations enable this hack on IE, FireFox, Opera and Mozilla unless there are plug-ins that block the browser from comparing with its history function…

Add To Del.icio.us Add To Furl Add To Spurl

 
 

1 Response to “Spying on your visitors”

Feed for this Entry Trackback Address
  1. 1 The spying CD at UbiKann Pingback on Aug 28th, 2006 at 19:37

Leave a Reply

« WebWag : your personal page
The spying CD »

About

Next: The spying CD
Previous: WebWag : your personal page

Longer entries are truncated. Click the headline of an entry to read it in its entirety.

August 2006
M T W T F S S
« Jul   Sep »
 123456
78910111213
14151617181920
21222324252627
28293031  

Flickr

RSS
Besancon Flat View InsideMilan : Duomo Inside ViewNew York Car WashVerona ColiseumNew York Trump Building In the middle of the night !Mont St Michel

Posts by Category