“Nobody knew if anyone on the Internet was using history sniffing to get at users’ private browsing history. What we were able to show is that the answer is yes,” said Hovav Shacham.
History sniffing takes place without your knowledge or permission and relies on the fact that browsers display links to sites you’ve visited differently than ones you haven’t: by default, visited links are purple, unvisited links blue.
In addition, anyone using anything but the latest versions of the patched browsers is also vulnerable.
Out of 485 sites, 63 transferred the browser’s history to the network. “We confirmed that 46 of them are actually doing history sniffing, one of these sites being in the Alexa global top 100,” the UC San Diego computer scientists wrote.
“I think people who have updated or switched browsers should now worry about things other than history sniffing, like keeping their Flash plug-in up to date so they don’t get exploited. But that doesn’t mean that the companies that have engaged in history sniffing for the currently 60 percent of the user population that is vulnerable to it should get a free pass,” said Shacham.
“We detected when browser history is looked at, collected on the browser and sent on the network from the browser to their servers. What servers then do with that information is speculation,” he said.
The computer scientists from the UC San Diego Jacobs School of Engineering presented this work in October at the 2010 ACM Conference on Computer and Communications Security (CCS 2010). (ANI)