Spying on your visitors

By John Garner on Monday, August 28, 2006

Summary: Jeremiah Grossman demonstrates an issue with CSS and visited links which allows sites to verify the sites you have visited prior to theirs. The issue/bug/vulnerability isn't new, as comments explain, it was first discovered in 2002 and is well documented here at the seclist.org site. CSS has a feature that can be abused to exactly […]

Jeremiah Grossman demonstrates an issue with CSS and visited links which allows sites to verify the sites you have visited prior to theirs.

The issue/bug/vulnerability isn't new, as comments explain, it was first discovered in 2002 and is well documented here at the seclist.org site.

CSS has a feature that can be abused to exactly the same ends. It is simpler, more accurate, and more easily abused than the timing attacks described in the above paper.

There is a demonstration here of how it works, on top of the Grossman post :
https://www.indiana.edu/~phishing/browser-recon/

It seems variations enable this hack on IE, FireFox, Opera and Mozilla unless there are plug-ins that block the browser from comparing with its history function...

Article written by John Garner

One comment on “Spying on your visitors”

The spying CD at UbiKann says:
Monday, August 28, 2006 at 19:37
[...] Articles « Spying on your visitors [...]

Latest Posts

Spying on your visitors

Leave a Reply

One comment on “Spying on your visitors”

Latest Posts

Installing Ubuntu server 20.04 LTS on a Netcup root server

Looking for and finding a solid Photoshop alternative

Safety measures and the importance of monitoring air quality