ID: IRCNE2011121335
Date: 2011-12-07
According to "computerworld", Google security engineer and vulnerability researcher Michal Zalewski demonstrated how stealing browsing history is still possible despite defences currently implemented in web browsers.
History theft is a type of attack that can expose what websites users have visited in the past by determining how their browsers display links to them. By default, all browsers display previously visited links differently than non-visited links, due to definitions in their internal Cascading Style Sheets (CSS).
CSS-based history theft not only violates the privacy of the victims, but can actually assist hackers in performing other, more serious, attacks.
Zalewski's research serves as a warning to browser vendors that alternative history snooping methods should not be forgotten just because at some point in time no one was capable to provide a reliable and practical implementation.
- 2