[kwlug-disc] DuckDuckGo.com -- an alternate search engine

Johnny Ferguson hyperflexed at gmail.com
Thu Jul 29 16:36:34 EDT 2010


On 07/28/2010 11:12 AM, Fernando Duran wrote:
>
>
> ----- Original Message ----
>> From: Eric Gerlach<eric+kwlug at gerlach.ca>
> ...
>>
>> Attack #1: Using existing logins
>>
>> - You're logged into  a site you care about (let's say your bank, or
>>    launchpad)
>> -  Malicious Javascript looks through your history (yes, it can do this)
>>     to find recently visited sites that it knows about
>
>
> Just tooting my own horn: detecting browser's history is very easy to do, we
> implemented it in http://watsec.com/myip
>

How is this accomplished? I'm rather disgusted that enabling js can let 
people know who my bank is.

-Johnny

> Cheers,
>
> Fernando
> http://fduran.com
>
>
>
>
>
> _______________________________________________
> kwlug-disc_kwlug.org mailing list
> kwlug-disc_kwlug.org at kwlug.org
> http://astoria.ccjclearline.com/mailman/listinfo/kwlug-disc_kwlug.org




More information about the kwlug-disc_kwlug.org mailing list