Slashdot Mirror


Browser History Sniffing Is Back

An anonymous reader writes "Remember CSS history sniffing? The leak is plugged in all major browsers today, but there is some bad news: in a post to the Full Disclosure mailing list, security researchers have showcased a brand new tool to quickly extract your history by probing the cache, instead. The theory isn't new, but a convincing implementation is."

5 of 161 comments (clear)

  1. Re:Javascript required? by danbuter · · Score: 5, Insightful

    NoScript should just be added in as part of default Firefox. It's very easy to manage, and saves me lots of headaches.

  2. Re:Easy work-around by CastrTroy · · Score: 5, Insightful

    I do this all the time. My history is disabled by default. Cache is 0. I have never really had a need for history in the past 10 years. If I want to find something again, it's faster to just Google it. Or if I find something that I really don't want to lose, I just bookmark it. No reason to keep a history.

    --

    Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
  3. Re:Easy work-around by zoloto · · Score: 5, Insightful

    well, if sites would stop using so much garbage for simple content we wouldn't have this problem now would we?

  4. Re:Easy work-around by icebraining · · Score: 5, Insightful

    You might not care, but the guy paying for the server's bandwidth certainly does ;)

  5. Re:You would think so... by icebraining · · Score: 4, Insightful

    The script doesn't actually analyze the cache, just the time it takes to load the resource, so if your proxy's cache is fast enough it might still be detected.