Welcome, Unregistered.
If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.
 |
12-Dec-2010, 21:58
|
#1 |
|
Member
Join Date: Jun 2005
Posts: 160
|
YouPorn, Perez Hilton Exploit Bug To Obtain Your Browsing History ...
http://www.huffingtonpost.com/2010/1..._n_791479.html
Here is the link to the pdf. http://cseweb.ucsd.edu/users/lerner/.../ccs10-jsc.pdf Apparently, these sites exploit the history visited color via DOM of webpages. So, when you visit their website, they have hidden links to sites such as nytimes, facebook, etc...and then via javascript determine the color and thus if you've visited them or not. |
|
|
|
13-Dec-2010, 19:35
|
#2 |
|
Ecce homo
Join Date: Feb 2002
Location: Westeros
Posts: 4,266
 |
Anyone who surfs Perez Hilton's site deserves whatever happens.
__________________
Voodoo 1 Voodoo 2 SLI Voodoo 3 3000 Voodoo 5 5500 GeForce 3 Ti200 GeForce 4 Ti4400 Radeon 9700 Pro Radeon 9800 Pro GeForce 6800 GT Radeon X1800 XT Radeon X1900 XT Radeon X1950 XTX GeForce 8800 GTX Radeon HD 4870 GeForce GTX 285 Radeon 5870 Geforce GTX 470 Geforce GTX 570 Geforce GTX 670 |
|
|
|
13-Dec-2010, 19:40
|
#3 | |
|
Senior Member
Join Date: Jul 2008
Location: /
Posts: 4,070
|
If this technique works (and apparently it does), what is there to prevent other sites from using it?
How can one prevent sites - even those more reputable than Perez Hilton - from sniffing your history?
__________________
The views presented here are my own and not my employer's. Quote:
|
|
|
|
|
|
13-Dec-2010, 20:26
|
#4 | |
|
Specious Misanthrope
Join Date: May 2003
Location: Treading Water
Posts: 7,467
|
Quote:
|
|
|
|
|
|
13-Dec-2010, 20:29
|
#5 |
|
That's my stapler
Join Date: Feb 2002
Location: "Midwest," USA
Posts: 3,951
|
Why on earth is the browser sending the color of the link to the remote server?
Sounds like a pretty obvious exploit than needs to be plugged. Do all browsers send this info? ...oh and the fact that "Youporn" is a malware site...uh duh?
__________________
"Yes windows 3.1 was better than the macOS of the day. All the Windows OS's have been better." - eastmen |
|
|
|
|
13-Dec-2010, 20:30
|
#6 |
|
That's my stapler
Join Date: Feb 2002
Location: "Midwest," USA
Posts: 3,951
|
Noscript seconded here. Great plugin.
__________________
"Yes windows 3.1 was better than the macOS of the day. All the Windows OS's have been better." - eastmen |
|
|
|
|
13-Dec-2010, 21:31
|
#7 | ||
|
Remember
Join Date: Aug 2003
Posts: 2,031
|
Quote:
Under the same subheading, dealing with attention tracking, the source article also states the following: Quote:
|
||
|
|
|
|
13-Dec-2010, 21:51
|
#8 |
|
Red-headed step child
Join Date: Jun 2004
Location: Guess ;)
Posts: 3,084
|
Any sites that I'm unsure about get the "right-click, open in Incognito Window" treatment. No history, no cache, and their own sandbox.
__________________
"...twisting my words" |
|
|
|
|
13-Dec-2010, 22:11
|
#9 | |
|
That's my stapler
Join Date: Feb 2002
Location: "Midwest," USA
Posts: 3,951
|
Quote:
nvm...chrome...good feature.
__________________
"Yes windows 3.1 was better than the macOS of the day. All the Windows OS's have been better." - eastmen |
|
|
|
|
|
13-Dec-2010, 23:11
|
#10 | |
|
Red-headed step child
Join Date: Jun 2004
Location: Guess ;)
Posts: 3,084
|
Quote:
 I haven't touched IE directly in probably a year, ever since someone made an "IE Tab" Chrome extension that allows for IE-only sites (such as our corporate sharepoint) to open an IE tab within Chrome.
__________________
"...twisting my words" |
|
|
|
|
|
13-Dec-2010, 23:11
|
#11 | |
|
Senior Member
Join Date: Dec 2002
Location: Under a Crushing Burden
Posts: 4,290
|
Quote:
__________________
You bought horse armor didn't you? |
|
|
|
|
|
13-Dec-2010, 23:13
|
#12 | |
|
That's my stapler
Join Date: Feb 2002
Location: "Midwest," USA
Posts: 3,951
|
Quote:
I tend to split time between FF and Chrome...
__________________
"Yes windows 3.1 was better than the macOS of the day. All the Windows OS's have been better." - eastmen |
|
|
|
|
|
14-Dec-2010, 02:55
|
#13 |
|
Regular
Join Date: Mar 2007
Posts: 8,988
|
I just have a seperate InPrivate browsing window open and drag links to it if I don't need history, cookies, etc.
Stopped using FF sometime after IE7 came out. Can't stand Chrome's UI. Although IE9's UI is making me seriously consider trying FF again maybe. At least it appears they still have a seperate search field and didn't merge it with the address bar like the incompetent IE UI designer did. Regards, SB |
|
|
|
|
14-Dec-2010, 04:09
|
#14 | |
|
Specious Misanthrope
Join Date: May 2003
Location: Treading Water
Posts: 7,467
|
Quote:
Last edited by AlphaWolf; 14-Dec-2010 at 04:31. Reason: goofed the quote |
|
|
|
|
|
14-Dec-2010, 04:26
|
#15 |
|
Senior Member
Join Date: Feb 2002
Posts: 2,020
|
This technique isn't new and there are non-nefarious reasons to use it. I thought about using it for a project, but never got around to it. Here's an article where I read about it in 2008.
http://www.niallkennedy.com/blog/200...ory-sniff.html |
|
|
|
|
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
All times are GMT +1. The time now is 23:16.
