Wednesday, June 3, 2009

Browser History Sniffing

Sometimes the desire to contextualize content delivery can go too far and can be used for malicious purposes. Here's how to block browser history sniffing, cache timer attacks, and Adobe Flash offsite cookie storing.

Improving user experience is an important aspect of website content delivery and advertising (which enables the vast majority of content on the Web to be offered free of charge). But sometimes, the desire to contextualize content delivery can go too far - and it can even be used for malicious purposes. For example, successful browser history sniffing can let a phisher know exactly which banking and ecommerce sites you use, enabling criminals to target phishing scams specific to those sites. Following are three examples of techniques that may be used to track where you've been online, and tips to protect against these.
Browser History Sniffing

By default, links change color when you have visited them. Browser history sniffing compares the link colors of links in your history folder to a master list of links (and their default non-visited colors) maintained by the website operator. A color mismatch indicates a particular site has been visited. Clearing your browser history can help prevent browser history sniffing. If clearing and keeping your browser history set to zero isn't an option, you can change how Internet Explorer and Firefox handle visited link colors.

Cache Timer Attacks
Each time you visit a website, the browser stores a local copy of the files accessed on that site. This cache (pronounced 'cash') helps speed up performance and make subsequent visits to the site even faster because these cached files can now be loaded directly from your hard drive instead of via the Internet. The amount of time it takes a website file to load can thus be an indication of whether or not the user visited a particular site. For example, Site B wants to know whether a visitor also visited Site A. So when a visitor surfs to Site B, Site B also loads a file that belongs to Site A. Based on how long it takes the Site A file to load, the tracker can determine whether it was loaded locally (from the user's cache) or from the original site. If the time indicates it was loaded locally, the tracker (Site B) knows you have visited Site A in the past.
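A toy model of the shared cache described above, added here as an illustration and not taken from the original post; the latencies, the hostnames and the `partitioned` option are assumptions. The partitioned mode goes beyond the post: it models keying the cache by top-level site as well as URL, which current major browsers do, and shows why that removes the signal.

```javascript
// Added example: a simulated browser cache, not real browser code.
// Latencies are constructed numbers chosen only to make hit and miss distinguishable.
const NETWORK_MS = 120; // assumed cost of fetching from the original site
const DISK_MS = 3;      // assumed cost of reading the local cached copy

class BrowserCache {
  // partitioned=false: one cache shared by every site (the behaviour the post describes).
  // partitioned=true: entries are keyed by the top-level site as well as the URL.
  constructor(partitioned) {
    this.partitioned = partitioned;
    this.entries = new Set();
  }
  key(topLevelSite, url) {
    return this.partitioned ? `${topLevelSite} ${url}` : url;
  }
  // Returns the simulated load time and stores the resource on a miss.
  load(topLevelSite, url) {
    const k = this.key(topLevelSite, url);
    if (this.entries.has(k)) return DISK_MS;
    this.entries.add(k);
    return NETWORK_MS;
  }
}

// What Site B concludes from one timed load of a Site A file.
function siteBInference(cache, userVisitedSiteA) {
  const resource = "https://site-a.example/logo.png"; // hypothetical URL
  if (userVisitedSiteA) cache.load("site-a.example", resource);
  const elapsed = cache.load("site-b.example", resource);
  return elapsed < (NETWORK_MS + DISK_MS) / 2 ? "visited" : "not visited";
}

// Run both cache designs against both user histories.
function compare() {
  const rows = [];
  for (const partitioned of [false, true]) {
    for (const visited of [false, true]) {
      const inferred = siteBInference(new BrowserCache(partitioned), visited);
      rows.push({ partitioned, visited, inferred });
    }
  }
  return rows;
}

console.table(compare());
```

With the shared cache, Site B's conclusion tracks the user's real history; with the partitioned cache it is "not visited" in both cases, so the load time carries no information about Site A.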

Adobe Flash Cookies
Adobe Flash cookies work through the ubiquitous Adobe Flash and enable any of Adobe's partners to set global cookies that are maintained on Adobe's servers instead of your own computer. Adobe Flash cookie partners include sites such as Microsoft, Weather.com, PayPal, eWeek, Flickr and many others. This means that no matter how, or how often, you try to delete your cookies, just having Adobe Flash installed negates that effort. To delete or deny these offsite cookies, you will need to visit the Adobe Flash Player Settings Manager site, click Website Privacy Settings Panel, delete the 'Visited Websites' list and then select 'Always Deny' (or 'Always Ask' to choose on a case-by-case basis). It's worth noting that having Adobe Flash installed also enables websites to access your webcam and microphone settings; while you're at the Adobe Flash Player Settings Manager, you can block this unauthorized access as well.
