
History Sniffing In the Wild

Posted by Soulskill
from the smells-fishy dept.
An anonymous reader writes "Kashmir Hill at Forbes documents a recent study by UCSD researchers showing that 'history sniffing' is being actively used by mainstream ad networks like Interclick as well as popular porn sites like YouPorn in order to track what other sites you visit. The vulnerability has been known for almost a decade, but this paper documents hundreds of commercial sites exploiting it today (PDF)."

  • by The MAZZTer (911996) <megazzt@gmai[ ]om ['l.c' in gap]> on Friday December 03, 2010 @10:31AM (#34431226) Homepage
    You shouldn't even need to go that far, Mozilla plugged most of the leak [mozilla.com]. I'm not sure if this made it into 3.6 though... might want to wait for 4.0?
  • A simple fix (Score:4, Interesting)

    by VernonNemitz (581327) on Friday December 03, 2010 @10:58AM (#34431556) Journal
    In Firefox, even older versions (and perhaps some of the other browsers out there), you can change your "visited links" color (via Edit, Preferences, Appearance, Colors) to something other than purple. Then this script won't work. More, if you also change the "unvisited links" color, then even a modified script designed to tell the difference won't know which color is your "visited" color and which is your "unvisited" color.
  • Re:Javascript... (Score:4, Interesting)

    by 0123456 (636235) on Friday December 03, 2010 @11:19AM (#34431926)

    And HTML differs from Javascript how? Or how about an image?

    Neither HTML nor JPEG files are Turing-complete programming languages. Sure, your HTML or JPEG parser might have bugs that allow remote exploits, but that's a huge difference from a language like Javascript which can trivially perform these kinds of operations. _by design_

  • by mbone (558574) on Friday December 03, 2010 @11:28AM (#34432048)

    My recommendation is to use multiple browsers.

    Say you use Firefox for your web searches.

    Then run Facebook on Safari (say).

    Anything Google on Opera.

    Any porn on Chrome.

    Etc.

    There are a bunch of browsers out there - use them to silo off the nosey actors like Facebook, Google and Youporn.

  • Re:Javascript... (Score:4, Interesting)

    by 0123456 (636235) on Friday December 03, 2010 @11:36AM (#34432238)

    No. It can’t. It has a sandbox that it plays in. If JS code breaks out of that, it’s a bug. It’s nothing more than ones and zeros arranged in a semi-human-readable fashion that tells an interpreter what to do. You are an interpreter too, but if I told you to go kill yourself, you wouldn’t. Same thing.

    Duh, we're not talking about remote exploits running arbitrary machine code on your system. We're talking about Javascript being a privacy-stealing monster _BY DESIGN_.

  • Re:YouPorn script (Score:4, Interesting)

    by camperslo (704715) on Friday December 03, 2010 @11:42AM (#34432356)

    What about Firefox hidden history data?

    Looking at the information under Troubleshooting Information in the Firefox help menu, there's an entry beyond the expected "browser.history_expire_days", "browser.history_expire_days.mirror" that defaults to 180!
    How secure is that??

    Note that entering "about:config" in the address bar allows editing the config settings.
