Skip to main content

Home/ Information Security/ Group items tagged browsers

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
Skeptical Debunker

Browser history hijack + social networks = lost anonymity - 0 views

arstechnica.com/...al-networks-lost-anonymity.ars

social networking phishing identity exposure research

shared by Skeptical Debunker on 25 Feb 10 - Cached
  • Skeptical Debunker on 25 Feb 10
     
    Simply joining a few groups at social networking sites may reveal enough information for hackers to personally identify you, according to some recent computer science research. In a paper that will be presented at a security conference later this year, an international team of academics describes how they were able to build membership sets using information that social networking sites make available to the public, and then leverage an existing attack on browsing history to check for personal identity. That information, they argue, can then be combined with other data to create further security risks, such as a personalized phishing attack.
Seçkin Anıl Ünlü

Plugging the CSS History Leak at Mozilla Security Blog - 0 views

blog.mozilla.com/...plugging-the-css-history-leak

security web history mozilla online browsers privacy bugfix

shared by Seçkin Anıl Ünlü on 17 Apr 10 - Cached
  • History Sniffing
  • Links can look different on web sites based on whether or not you’ve visited the page they reference.
  • The problem is that appearance can be detected by the page showing you links, cluing the page into which of the presented pages you’ve been to. The result: not only can you see where you’ve been, but so can the web site!
  • ...18 more annotations...
  • The most obvious fix is to disable different styles for visited versus unvisted links, but this would be employed at the expense of utility: while sites can no longer figure out which links you’ve clicked, neither can you.
  • David Baron has implemented a way to help keep users’ data private while minimizing the effect on the web, and we are deploying it to protect our users.
  • The biggest threats here are the high-bandwidth techniques, or those that extract lots of information from users’ browsers quickly.
  • The JavaScript function getComputedStyle() and its related functions are fast and can be used to guess visitedness at hundreds of thousands of links per minute.
  • we’re approaching the way we style links in three fairly subtle ways:
  • Change 1: Layout-Based Attacks
  • First of all, we’re limiting what types of styling can be done to visited links to differentiate them from unvisited links.
  • can only be different in color
  • the CSS 2.1 specification takes into consideration how visited links can be abused:
  • implement other measures to preserve the user’s privacy while rendering visited and unvisited links differently
  • Change 2: Some Timing Attacks
  • we are changing some of the guts of our layout engine to provide a fairly uniform flow of execution to minimize differences in layout time for visited and unvisited links.
  • when the link is styled, the appropriate set of styles is chosen making the code paths for visited and unvisited links essentially the same length.
  • Change 3: Computed Style Attacks
  • JavaScript is not going to have access to the same style data it used to.
  • Firefox will give it unvisited style values.
  • it’s the right trade-off to be sure we protect our users’ privacy.
  • fixing CSS history sniffing will not block all of these leaks. But we believe it’s important to stop the scariest, most effective history attacks any way we can since it will be a big win for users’ privacy.
David Woodsmall

Reliable Online Computer Repair - 6 views

Do it for free: Complete Slow Windows Computer & Slow Browser Fixes http://www.woodsmall.com/SLOW-misbehaving-computer-fixes.htm

computer problem

started by cecilia marie on 06 Jun 11 1 follow-up, last by David Woodsmall on 27 Feb 14
David Woodsmall

Software Support Saved My Spring Days - 3 views

This seems to be a re-occurring advertisement, in my personal opinion fix it for free Complete Slow Windows Computer & Slow Browser Fixes http://www.woodsmall.com/SLOW-misbehaving-computer-fixes.htm

software support

started by cecilia marie on 10 Aug 11 1 follow-up, last by David Woodsmall on 27 Feb 14
David Woodsmall

Computer Problem Solved - 4 views

You could probably do it for free with free software - has always worked for me Complete Slow Windows Computer & Slow Browser Fixes http://www.woodsmall.com/SLOW-misbehaving-computer-fixes.htm

computer problem

started by cecilia marie on 13 Jul 11 1 follow-up, last by David Woodsmall on 27 Feb 14
1 - 9 of 9
Showing 20 items per page