A technique that exploits the way Web browsers store recently viewed data could compromise Internet users' privacy by allowing an attacker to check what sites a person has visited recently.
Published:
15 December 2000 y., Friday
A technique that exploits the way Web browsers store recently viewed data could compromise Internet users' privacy by allowing an attacker to check what sites a person has visited recently.
The exploit--called a "timing attack"--allows an unethical Web site to play 20 questions (or more) with a person's browser and check whether the surfer has recently viewed any sites from a predetermined list. An employer could use the technique on internal Web sites to see whether any employees have been visiting the competition's job listings. A Web portal could check whether a person has recently visited any of its sponsors.
"The attacks allow any Web site to determine whether or not each visitor has recently visited some other site" or set of sites, Edward Felten, a professor of computer science at Princeton University, and Michael Schneider, a graduate student, wrote in a paper published at a technical conference last month. "The attacker can do this without the knowledge or consent of either the user or the other site," they wrote. The attack takes advantage of the data caches used by browsers to speed access to recently visited Web sites. Caching is a technique that stores copies of frequently accessed data in a nearby location, whether on a person's PC or on a server on the local area network. The ability to store recently viewed items significantly reduces the amount of data that has to move over the Internet.
Šaltinis:
two.digital.cnet.com
Copying, publishing, announcing any information from the News.lt portal without written permission of News.lt editorial office is prohibited.
The most popular articles
Software company announced new structure_ of it_s business.
more »
INTERVIEW: Fraud victim describes mistrust of ATMs in Nigeria.
more »
Cisco announced today it has been selected to provide Internet Protocol (IP) video network infrastructure and video-encoding solutions to NBC during the network's coverage of the 2008 Beijing Olympic Games, Aug. 8-24.
more »
Q&A: Executives from MSN, NBC and Microsoft offer details behind the largest online broadcasting event in history.
more »
The goal of the initiative is to promote open collaboration among industry, academia and governments by removing the financial and logistical barriers to research in data-intensive, Internet-scale computing.
more »
Platforms & Services Division to Split Into Two Groups and Report to CEO Steve Ballmer.
more »
More can be done to ensure that people can be confident that their privacy will be protected online.
more »
A UK crime survey shows credit and debit card fraud has reached a record high of £535 million.
more »
New security measures underscore commitment to protect certification integrity and value.
more »
Sparkasse KölnBonn has just concluded a framework agreement with Wincor Nixdorf. The agreement covers more than 500 devices.
more »
Aladdin Knowledge Systems Ltd. (NASDAQ: ALDN), an information security leader specializing in authentication, software DRM and content security, today announced financial results for the second quarter of fiscal year 2008.
more »