Browser History Sniffing Is Back
An anonymous reader writes "Remember CSS history sniffing? The leak is plugged in all major browsers today, but there is some bad news: in a post to the Full Disclosure mailing list, security researchers have showcased a brand new tool to quickly extract your history by probing the cache, instead. The theory isn't new, but a convincing implementation is."
NoScript should just be added in as part of default Firefox. It's very easy to manage, and saves me lots of headaches.
I do this all the time. My history is disabled by default. Cache is 0. I have never really had a need for history in the past 10 years. If I want to find something again, it's faster to just Google it. Or if I find something that I really don't want to lose, I just bookmark it. No reason to keep a history.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
well, if sites would stop using so much garbage for simple content we wouldn't have this problem now would we?
You might not care, but the guy paying for the server's bandwidth certainly does ;)
Dilbert RSS feed
The script doesn't actually analyze the cache, just the time it takes to load the resource, so if your proxy's cache is fast enough it might still be detected.
Dilbert RSS feed