Slashdot Mirror

← Back to Stories (view on slashdot.org)

Abusing HTTP Status Codes To Expose Private Info

Posted by CmdrTaco on Wednesday January 26, 2011 @03:09AM from the i-see-what-you-did-there dept.

An anonymous reader writes "Here's a neat technique for testing if people are logged into other websites. Examples for Facebook, Twitter, GMail and Digg are provided." Like we needed more reasons to use the Chrome incognito function.

1 of 133 comments (clear)

Min score:

Reason:

Sort:

Re:Incognito anyways by PseudonymousBraveguy · 2011-01-26 03:28 · Score: 4, Insightful

I doubt that halps against the technique presented in TFA, because it does not depend on Cookies or anything that is blocked in Incognito mode. Basically, they only rely to a HTTP request to the site to be checked, using JavaScript to determine the HTTP status. Thus, disabling JavaScript helps. The Firefox Addon "Request Policy" should, according to the autor of TFA, help, too.