Spying on your visitors

By John Garner on Monday, August 28, 2006

Jeremiah Grossman demonstrates an issue with CSS and visited links which allows sites to verify the sites you have visited prior to theirs.

The issue/bug/vulnerability isn't new: as the comments explain, it was first discovered in 2002 and is well documented here at the seclist.org site.

CSS has a feature that can be abused to exactly the same ends. It is simpler, more accurate, and more easily abused than the timing attacks described in the above paper.

In addition to the Grossman post, there is a demonstration of how it works here:
https://www.indiana.edu/~phishing/browser-recon/

It seems that variations of this hack work on IE, Firefox, Opera and Mozilla, unless a plug-in blocks the browser from comparing links with its history function.
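Browsers later restricted what a `:visited` rule may style to a short list of colour properties. The added example below (not code from this post or from the linked demonstrations) audits a stylesheet for `:visited` declarations outside that list; the `ALLOWED` set reflects current browser behaviour and is an assumption here, and `SAMPLE_CSS` is constructed input.

```javascript
// Added example: flag :visited rules that style more than link colour.
// ALLOWED mirrors the colour-only properties current browsers honour on
// :visited; it is an assumption of this example, not taken from the post.
const ALLOWED = new Set([
  'color', 'background-color', 'border-color', 'border-top-color',
  'border-right-color', 'border-bottom-color', 'border-left-color',
  'column-rule-color', 'outline-color', 'text-decoration-color',
  'text-emphasis-color', 'fill', 'stroke',
]);

function auditVisitedRules(cssText) {
  const findings = [];
  // Drop comments so commented-out rules are not reported.
  const css = cssText.replace(/\/\*[\s\S]*?\*\//g, '');
  // Matches innermost "selector { declarations }" blocks, so rules
  // wrapped in @media are still inspected.
  const ruleRe = /([^{}]+)\{([^{}]*)\}/g;
  let m;
  while ((m = ruleRe.exec(css)) !== null) {
    const selector = m[1].trim();
    if (!/:visited\b/i.test(selector)) continue;
    for (const decl of m[2].split(';')) {
      const idx = decl.indexOf(':');
      if (idx === -1) continue;
      const property = decl.slice(0, idx).trim().toLowerCase();
      const value = decl.slice(idx + 1).trim();
      if (property && !ALLOWED.has(property)) {
        findings.push({ selector, property, value });
      }
    }
  }
  return findings;
}

// Constructed sample stylesheet for the audit.
const SAMPLE_CSS = `
a:link { color: blue; }
a:visited { color: purple; }
/* a:visited { display: none; } */
#probe:visited { background-image: url(marker.png); }
@media screen { a.ext:visited { font-size: 0; Color: red; } }
`;

for (const f of auditVisitedRules(SAMPLE_CSS)) {
  console.log(`${f.selector}: ${f.property} is not colour-only (${f.value})`);
}
```

The matcher is a regular expression over flat rule text, not a full CSS parser, so treat its output as a review list rather than a verdict.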
