Please create an account to participate in the Slashdot moderation system


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Abusing HTTP Status Codes To Expose Private Info 133

Posted by CmdrTaco
from the i-see-what-you-did-there dept.
An anonymous reader writes "Here's a neat technique for testing if people are logged into other websites. Examples for Facebook, Twitter, GMail and Digg are provided." Like we needed more reasons to use the Chrome incognito function.
This discussion has been archived. No new comments can be posted.

Abusing HTTP Status Codes To Expose Private Info

Comments Filter:
  • by toetagger (642315) on Wednesday January 26, 2011 @10:28AM (#35009010)
    I don't know... What if I would do this in my slashdot signature, trying to load a picture only available for people on the RIAA Intranet. Then I could show a different signature to the RIAA than to everyone else. Copy/Paste for FBI, your HR/employer, or even your spouse.
  • Re:Not quite (Score:4, Interesting)

    by ArcherB (796902) on Wednesday January 26, 2011 @10:31AM (#35009052) Journal

    It might not work as well as they think. I got this as I read down a bit:

    First of all. Lets check if you're logged into GMail right now (not including Google Apps)... (Yes, you are logged in).

    Actually, I am browsing with Chrome, but have not opened GMail in this session at all, not once since the reboot. Maybe it is something Chrome is doing, since I get "No, you're not logged in" while using the incognito window.

    If you are using your gmail account to download bookmarks, custom home page or whatever Chrome may be logging into gmail for, it may throw off the result.

    However, in saying that, I noticed that it reported me logged into Facebook, which I am not, nor have I since my last reboot. I'm running Firefox 3.6.13.

Thus spake the master programmer: "Time for you to leave." -- Geoffrey James, "The Tao of Programming"