Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Browser History - 75% of users need to improve privacy safeguards

This decade-old vulnerability is now enhanced by an algorithm that can process 30,000 sites per second, comparing browser history against a list of specific web sites. While I had every browser set to zero days of history, that's still not enough. The online DEMO link at the bottom is a neat test and certainly made me a little more aware.

It's always beneficial to modify settings in your browser to improve privacy. Some techniques include keeping zero days of history and clearing history on exit. There are also new features like IE8's InPrivate Browsing mode or the special security extensions in Firefox 3.

On the Web, your browser history is an open book
http://sunbeltblog.blogspot.com/2010/05/on-web-your-browser-history-is-open.html

QUOTE: They wrote: “We present a web-based system capable of effectively detecting clients' browsing histories and categorizing detected information. We analyze and discuss real-world results obtained from 271,576 Internet users. Our results indicate that at least 76% of Internet users are vulnerable to history detection; for a test of most popular Internet websites we were able to detect, on average, 62 visited locations. We also demonstrate the potential for detecting private data such as zip codes or search queries typed into online forms. Our results confirm the feasibility of conducting attacks on user privacy using CSS-based history detection and demonstrate that such attacks are realizable with minimal resources.”

Most browsers silently expose intimate viewing habits
http://www.theregister.co.uk/2010/05/20/browser_history_attack/

QUOTE: While the underlying browser history disclosure vulnerability was disclosed a decade ago, researchers on Thursday disclosed a variety of techniques that make attacks much more efficient. Among other things, the researchers described an algorithm that can scan as many as 30,000 links per second.  To exploit the history-pilfering weakness, webmasters must compare a victim's HTTP response code against a list of specific web addresses, a requirement many have long said limited the effectiveness of practical attacks.

CSS History Probing, or: "I know where you went last week"
http://blogs.msdn.com/ieinternals/archive/2009/06/17/CSSHistoryProbing.aspx

CSS History Sniffer - ONLINE DEMO
http://www.debugtheweb.com/test/cssvisited.htm

WAYS TO IMPROVE PRIVACY: Use your browser's privacy features.  If you set your browser history to Clear-on-Exit, or your history to expire regularly (see Tools / Options / Browsing History), you can scope down the duration that Visited Links are retained.  Better still, IE8's InPrivate Browsing feature blocks CSS visited link detection (Firefox 3.5's Private Browsing feature and Chrome 2's Incognito feature do the same).  For Firefox users, there is also the SafeHistory extension which offers enhanced privacy.