Web browser flaw secretly bares all..!!

Dozens of websites have been secretly harvesting lists of places
that their users previously visited online, everything from news
articles to bank sites to pornography, a team of computer scientists
found.

The information is valuable for con artists to learn more about their
targets and send them personalized attacks. It also allows e-commerce
companies to adjust ads or prices -- for instance, if the site knows
you've just come from a competitor that is offering a lower price.

Although passwords aren't at risk, in harvesting a detailed list of
where you've been online, sites can create thorough profiles on their
users.

The technique the University of California, San Diego researchers
investigated is called "history sniffing" and is a result of the way
browsers interact with websites and record where they've been. A few
lines of programming code are all a site needs to pull it off.

Although security experts have known for nearly a decade that such
snooping is possible, the latest findings offer some of the first public
evidence of sites exploiting the problem. Current versions of the
Firefox and Internet Explorer browsers still allow this, as do older
versions of Chrome and Safari, the researchers said.

The report adds to growing worry about surreptitious surveillance by
Internet companies and comes as federal regulators in the U.S. are
proposing a "Do Not Track" tool that would prevent advertisers from
following consumers around online to sell them more products.

The researchers found 46 sites, ranging from smutty to staid, that
tried to pry loose their visitors' browsing histories using this
technique, sometimes with homegrown tracking code. Nearly half of the 46
sites, including financial research site Morningstar.com and news site
Newsmax.com, used an ad-targeting company, Interclick, which says its
code was responsible for the tracking.

Interclick said the tracking was part of an eight-month experiment
that the sites weren't aware of. The New York company said it stopped
using the technique in October because it wasn't successful in helping
match advertisers to groups of Internet users. Interclick emphasized
that it didn't store the browser histories.

Morningstar said it ended its relationship with Interclick when it
found out about the program, and NewsMax said it didn't know that
history sniffing had been used on its users until The Associated Press
called. NewsMax said it is investigating.

The researchers studied far more sites -- a total of the world's
50,000 most popular sites -- and said many more behaved suspiciously,
but couldn't be proven to use history sniffing. Nearly 500 of the sites
studied had characteristics that suggested they could infer browsers'
histories, and more than 60 transferred browser histories to the
network. But the researchers said they could only prove that 46 had done
actual "history hijacking."


Source: www.thonline.com/


About the Author

Name
priyanshu

Last Name
sahay

Gender
Male

Website / Blog
http://www.hackersonlineclub.com

About me
Myself PRIYANSHU. >> Certified Cyber Law Expert >> Certified Cyber Security Expert >> Certified Ethical Hacker >> Working on Cyber Security, Ethical Hacking, Investigation, VAPT, Web Designing. Catch Me On >> Facebook: http://www.facebook.com/priyanshu.it Twitter: http://twitter.com/priyanshu_itech Email: priyanshu@cyber-india.in

Location
Delhi
