[kwlug-disc] DuckDuckGo.com -- an alternate search engine
hyperflexed at gmail.com
Thu Jul 29 18:15:47 EDT 2010
On 07/29/2010 06:08 PM, Eric Gerlach wrote:
> Excerpts from Johnny Ferguson's message of Thu Jul 29 16:36:34 -0400 2010:
>> On 07/28/2010 11:12 AM, Fernando Duran wrote:
>>> ----- Original Message ----
>>>> From: Eric Gerlach<eric+kwlug at gerlach.ca>
>>>> Attack #1: Using existing logins
>>>> - You're logged into a site you care about (let's say your bank, or
>>>> to find recently visited sites that it knows about
>>> Just tooting my own horn: detecting browser's history is very easy to do, we
>>> implemented it in http://watsec.com/myip
>> How is this accomplished? I'm rather disgusted that enabling js can let
>> people know who my bank is.
> It creates invisible links to each site with special CSS set on them,
> then checks to see what colour the browser has rendered them. If it
> renders them in the "visited" colour, then you've been there recently.
Actually, I just thought of another countermeasure to this. One could
specify User-agent CSS that sets all links to be the same colour. Still,
that is a bit of an inconvenience just to use JS.
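The countermeasure suggested in the message above, modelled as an added example that is not part of the original thread: a toy CSS 2.1 cascade showing when a user stylesheet makes visited and unvisited links render identically. It assumes "User-agent CSS" means a user stylesheet, ignores selector specificity, and uses constructed rules and colours.

```javascript
// Added example: toy model of the CSS 2.1 cascade for `color` on a single <a>.
// Precedence, lowest to highest (UA !important rules are not modelled):
const PRECEDENCE = { "ua": 0, "user": 1, "author": 2, "author!": 3, "user!": 4 };

// Only the selectors "a", "a:link" and "a:visited" are modelled.
function matches(selector, visited) {
  if (selector === "a") return true;
  if (selector === "a:visited") return visited;
  if (selector === "a:link") return !visited;
  return false;
}

// Highest precedence wins; later rules win ties (specificity is ignored).
function resolveColor(rules, visited) {
  let best = null;
  for (const r of rules) {
    if (!matches(r.selector, visited)) continue;
    const rank = PRECEDENCE[r.important ? r.origin + "!" : r.origin];
    if (best === null || rank >= best.rank) best = { rank, color: r.color };
  }
  return best ? best.color : null;
}

// True when a visited and an unvisited link end up with different colours,
// which is the difference the colour check described above relies on.
function leaksVisitedState(rules) {
  return resolveColor(rules, true) !== resolveColor(rules, false);
}

// Constructed rule sets (colours are arbitrary sample values).
const browserDefaults = [
  { origin: "ua", selector: "a:link", color: "#0000ee" },
  { origin: "ua", selector: "a:visited", color: "#551a8b" },
];
const pageCss = [
  { origin: "author", selector: "a:link", color: "#000000" },
  { origin: "author", selector: "a:visited", color: "#ff0000" },
];
const userCssPlain = [{ origin: "user", selector: "a", color: "#0000ee" }];
const userCssImportant = [{ origin: "user", selector: "a", color: "#0000ee", important: true }];

console.log(leaksVisitedState([...browserDefaults, ...pageCss]));
console.log(leaksVisitedState([...browserDefaults, ...userCssPlain, ...pageCss]));
console.log(leaksVisitedState([...browserDefaults, ...userCssImportant, ...pageCss]));
```

In this model, as in the CSS 2.1 cascade order, the user rule only overrides the page's own link colours when it is marked `!important`.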