A technique that exploits the way Web browsers store recently viewed data could compromise Internet users' privacy by allowing an attacker to check what sites a person has visited recently.
Published:
15 December 2000 y., Friday
A technique that exploits the way Web browsers store recently viewed data could compromise Internet users' privacy by allowing an attacker to check what sites a person has visited recently.
The exploit--called a "timing attack"--allows an unethical Web site to play 20 questions (or more) with a person's browser and check whether the surfer has recently viewed any sites from a predetermined list. An employer could use the technique on internal Web sites to see whether any employees have been visiting the competition's job listings. A Web portal could check whether a person has recently visited any of its sponsors.
"The attacks allow any Web site to determine whether or not each visitor has recently visited some other site" or set of sites, Edward Felten, a professor of computer science at Princeton University, and Michael Schneider, a graduate student, wrote in a paper published at a technical conference last month. "The attacker can do this without the knowledge or consent of either the user or the other site," they wrote. The attack takes advantage of the data caches used by browsers to speed access to recently visited Web sites. Caching is a technique that stores copies of frequently accessed data in a nearby location, whether on a person's PC or on a server on the local area network. The ability to store recently viewed items significantly reduces the amount of data that has to move over the Internet.
Šaltinis:
two.digital.cnet.com
Copying, publishing, announcing any information from the News.lt portal without written permission of News.lt editorial office is prohibited.
The most popular articles
Software company announced new structure_ of it_s business.
more »
Networking sites like Facebook and YouTube are changing politics.
more »
Vendor to service almost 4,000 existing ATMs and supply another 450.
more »
The advent of deposit automation, facilitated in many ways by the implementation of Check 21, is not only improving check-handling processes at the self-service terminal – it also is improving handling within the bank branch itself.
more »
The Moroccan Post Office, Barid Al-Maghrib, has selected Bull to act as project manager on the automation project for its International Mail Center in Casablanca.
more »
Gemalto has taken home one of the most coveted technology prizes in Austin with its Smart Enterprise Guardian (SEG).
more »
Banks in Australia are rushing to install gas detectors into their ATMs, as gas-explosive attacks on ATMs in the country continue to climb.
more »
EMC CEO Joe Tucci and Microsoft CEO Steve Ballmer showcase deep technology collaboration at New York CIO Summit.
more »
India-based mChek looks to offer its secured SIM-card-based mobile applications through partnership with Gemalto.
more »
Nearly one week after news emerged of the big data breach at Princeton, N.J.-based merchant acquirer Heartland Payment Systems Inc., it remains unclear how much damage actually happened and who did it.
more »
Wincor Nixdorf AG has announced the release of an enhanced security product for bank branches called ProTect.
more »