• Glitch Reveals Browsing History
Source: [URL]http://www.bbc.co.uk/news/technology-11899092[/URL]

[quote]Carried out by computer science researchers at UC San Diego the study found 485 sites exploiting the bug. The flaw gives sites access to all the other sites that user has visited. Many use it to target ads or see if users are patronising rivals. The researchers said their work showed a need for better defences against history tracking.

The bug exploits the way that many browsers handle links people have visited. Many change the colour of the text to reflect that earlier visit. This can be abused with a specially written chunk of code sitting on a website that interrogates a visitor's browser to see what it does to a given list of websites. Any displayed in a different colour are judged to be those a user has already seen.

A survey of 50,000 of the web's most visited websites by the team from UC San Diego found 485 sites using this method to get at browser histories, 63 were copying the data it reveals and 46 were found to be "hijacking" a user's history. The most popular site that uses the technique is adult site YouPorn. Many other porn sites use it too as well as sports, news, movies and finance websites.

The researchers also looked at other popular techniques that sites use to map and monitor what visitors do. Some, such as YouTube, run scripts that track the trail a user's mouse pointer takes on and across pages. "Our study shows that popular Web 2.0 applications like mashups, aggregators, and sophisticated ad targeting are rife with different kinds of privacy-violating flows," wrote the researchers.

The researchers pointed out that some modern browsers, such as Chrome and Safari, are not vulnerable to history hijacking and that the most recent version of Mozilla has closed the loophole. Users of Internet Explorer can defeat the bug by turning on "private browsing". Users can also check how much information they are leaking by visiting a webpage set up by security researchers that tries to grab their history.

Despite these safeguards, the researchers said there was a "pressing need to devise flexible, precise and efficient defenses" against the history hijacking technique. The research team is now planning more in-depth work that it hopes will result in tools that will more comprehensively defend against attempts to exploit the bug.[/quote]

[IMG]http://news.bbcimg.co.uk/media/images/50260000/jpg/_50260127_searchingforporn,bbc.jpg[/IMG]

Fuck. They know what I'm fapping to now...
[quote]The researchers pointed out that some modern browsers, such as Chrome and Safari, are not vulnerable to history hijacking and that the most recent version of Mozilla has closed the loophole. Users of Internet Explorer can defeat the bug by turning on "private browsing".[/quote] lol at Internet Explorer
[QUOTE=WeekendWarrior;26445697]lol at Internet Explorer[/QUOTE] Haha. IE sucks a big fat donkey dick.
Wish it said something about how secure Opera is from it.
[QUOTE=faze;26445708]Haha. IE sucks a big fat donkey dick.[/QUOTE] Iunno, aside from fucking up some pages the newest IE beta has a sexy UI Still use firefox but yeah
[QUOTE=dogmachines;26445738]Wish it said something about how secure Opera is from it.[/QUOTE] Opera isn't all that bad. [editline]2nd December 2010[/editline] [QUOTE=Ama-zake;26445752]Iunno, aside from fucking up some pages the newest IE beta has a sexy UI[/QUOTE] Meh, looks like Chrome to me.
[QUOTE=dogmachines;26445738]Wish it said something about how secure Opera is from it.[/QUOTE] [highlight]O[/highlight]pera's security is as tight as a doll's ass, so it's all good :smug:
I clear my history frequently and right before I stop browsing. Seems like a hilarious glitch though.
[QUOTE=BANNED USER;26447523]I clear my history frequently and right before I stop browsing. Seems like a hilarious glitch though.[/QUOTE] Same. I use CCleaner like a crazy person with OCD.
[QUOTE=BANNED USER;26447523]I clear my history frequently and right before I stop browsing. Seems like a hilarious glitch though.[/QUOTE] I don't think clearing your history will work. If you use a link then clear your history, next time you see that link it will still be purple, so your browser still knows you've seen it. Stops it if you use private browsing though.
[QUOTE=Lord_Skellig;26447672]I don't think clearing your history will work. If you use a link then clear your history, next time you see that link it will still be purple, so your browser still knows you've seen it. Stops it if you use private browsing though.[/QUOTE] Stops if you use CCleaner too.
Again this proves how shitty IE is. I honestly can't see any reason to use it other than to download a different browser.
Sites have been harvesting browsers' histories using the CSS pseudo-class "visited" for a while now. As far as I can recall, Mozilla is fixing this by:
1. Limiting what style changes can actually be applied to this pseudo-class to very basic formatting.
2. Optimizing the layout engine to minimize differences in layout time for visited and unvisited links.
3. Limiting JavaScript's access to the computed style, forcing it to output the unvisited results.
Source: [url]http://blog.mozilla.com/security/2010/03/31/plugging-the-css-history-leak/[/url]
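Added example, not part of the post above and not Mozilla's code: a small JavaScript model of the three mitigations that post lists, showing why script sees the same answer for visited and unvisited links. Function names and the sample stylesheet are hypothetical, and the allowed-property set is an abbreviated colour-only list assumed for illustration.

```javascript
// Simplified model of a style engine applying the three mitigations.
// Assumption: :visited may only change colour properties (abbreviated list).
const VISITED_ALLOWED = new Set([
  "color", "background-color", "border-color", "outline-color",
  "column-rule-color", "text-decoration-color", "fill", "stroke",
]);

// Mitigation 1: drop every :visited declaration that is not a colour, so a
// visited link can never change size, load an image or shift layout.
function restrictVisitedRule(declarations) {
  return Object.fromEntries(
    Object.entries(declarations).filter(([prop]) => VISITED_ALLOWED.has(prop))
  );
}

// What the renderer paints: base style plus the filtered :visited colours
// when the URL is in history. Only the user's eyes see this result.
function paintedStyle(link, sheet, history) {
  const visited = history.has(link.href) ? restrictVisitedRule(sheet.visited) : {};
  return { ...sheet.link, ...visited };
}

// Mitigation 3: what script is told. History is never consulted here, so the
// answer is identical for visited and unvisited links.
function computedStyleForScript(link, sheet) {
  return { ...sheet.link };
}

// Mitigation 2 follows from 1 in this model: the box-affecting properties
// are equal, so layout work cannot depend on history.
function layoutKey(style) {
  const { width = "auto", "font-size": size = "16px", "background-image": bg = "none" } = style;
  return `${width}|${size}|${bg}`;
}

// Constructed sample data: a stylesheet that tries non-colour :visited
// properties, and a one-entry history.
const sheet = {
  link: { color: "blue", width: "auto" },
  visited: { color: "purple", width: "500px", "background-image": "url(marker.png)" },
};
const history = new Set(["https://visited.example/"]);
const seen = { href: "https://visited.example/" };
const unseen = { href: "https://unvisited.example/" };

console.log(paintedStyle(seen, sheet, history));   // painted purple; width and image dropped
console.log(computedStyleForScript(seen, sheet));  // same object shape as for `unseen`
```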
This has been known for years. Most of the time it's simply JavaScript. It displays a list of sites (in a 1px iframe), and if it appears in <color of visited link>, then it sends info about it to the server. It's not rocket science.
:tinfoil::fh:
[QUOTE=Pretiacruento;26446040][highlight]O[/highlight]pera's security is as tight as a doll's ass, so it's all good :smug:[/QUOTE] It's like Mac OS, I'm afraid, no one gives a fuck because it isn't used by a lot of people. Although Opera has 20% in Russia.
Uh, shouldn't that be purely clientside?
Am I safe from behind firefox + noscript + adblock?
[QUOTE=Cuntsman;26449021]Am I safe from behind firefox + noscript + adblock?[/QUOTE] Firefox already has the loophole fixed, so those extras aren't completely necessary to prevent it, but still good things to have nonetheless (I have noscript and adblock too)
I'm pretty sure Facebook does something like this. The ads are always for meeting hot single men :tinfoil:
There are some sites that you can go to, pick up a link to send to your friends, and once they click that link, you get to see what their browser history contains (with a nice summary of all the porn ones). My friend did this on multiple occasions to me (hiding the link under bit.ly). I was not amused :saddowns:
They didn't even specify the version of IE jesus christ.
Weird. Maybe this is the reason why I see so many Limestone network ads. I was looking for a server and went to their site a couple of times and after that I see on almost every page I go to an ad from them.
[quote]Some, such as YouTube, run scripts that track the trail a user's mouse pointer takes on and across pages.[/quote] Mine would be all over the place then.
I hope noscript has prevented it.
[QUOTE=Ezhik;26448193]It's like Mac OS, I'm afraid, no one gives a fuck because it isn't used by a lot of people. Although Opera has 20% in Russia.[/QUOTE] That's because it's red, and red is a nice colour, and it's also a Russian colour.
i only browse youporn on my ipad i win u lose :smug:
[QUOTE=privatesmily;26452965]i only browse youporn on my ipad i win u lose :smug:[/QUOTE] I just watch porn where and when I want. I don't give a fuck.
[quote] YouPorn[/quote] I was just about to go to that site when I saw this. [editline]2nd December 2010[/editline] eh, I'll go anyway.
Darn they might find out I downloaded Firefox