Most surfers vulnerable to "history sniffing" attacks
By Stewart Mitchell
Posted on 21 May 2010 at 09:41
Three quarters of the surfing population are open to “history sniffing” attacks that can expose surfing habits and even identify where they live.
The report, published by security researchers behind the What The Internet Knows About You website, claims that browser history detection through Cascading Style Sheets has long been documented by security academics, but had been dismissed as low risk. Until now.
“Our results indicate that at least 76% of internet users are vulnerable to history detection; for a test of most popular internet websites we were able to detect, on average, 62 visited locations,” said the report's authors, Artur Janc and Lukasz Olejnik.
“We also demonstrate the potential for detecting private data such as zipcodes [postcodes] or search queries typed into online forms,” the researchers said. “Our results confirm the feasibility of conducting attacks on user privacy using CSS-based history detection and demonstrate that such attacks are realisable with minimal resources. This is of great practical significance.”
The researchers say they analysed the real-world results collected by interrogating the browser of 271,576 internet users.
The history sniffing technology involved creating an algorithm that was able to search a browser's history and detect up to 30,000 links per second in recent browsers on modern consumer-grade hardware.
The researcher's website reveals whether your browser is susceptible to such attacks.
From around the web
Should we be supprised
The powers that be all (including PCPro) tell us to keep private, and then when you want to do anything on the net the individual sites rewuire you to signup and (including PCPRo) update your profile with all the private info you should kep private, mostly info that is not really needed.
Most info is not compulsory but most, especially children fill it all in.
By Andylec on 23 May 2010 
advertisement
- How to install Internet Explorer 9
- Maintaining and supporting IE9
- Plan your deployment
- Creating a custom browser package
- Search in corporate environments
- Chrome's shine getting lost in translation
- BytePac: the cardboard hard disk enclosure
- How tech loosens our grip on reality
- Hokum watch: Safer Internet Day
- Why I'm deleting Adobe from my PC
- Prepare to be patronised: it's Safer Internet Day
- Dear Sony, Samsung and every other tech company in the world: stop trying to be Apple
- Will Apple's Final Cut Pro X update placate the pros?
- Smartr Contacts for iPhone review
- Switching to Office 365's Outlook Web App
- Paying for your crimes with Bitcoin
- Pavement hacking: What it is and how to avoid it
- Google's risky pre-loaded pages
- Mac under attack: how secure is Apple's OS?
- Has your browser been hijacked?
- Can you send a truly anonymous email?
- Is it safe to send bank details over email?
- Sainsbury's Bank bans password storage
- MobileMe triggers credit card blocks
- How to stay safe against session hijacking
advertisement
Printed from www.pcpro.co.uk