May 24, 2010
Two developers have refined techniques for rummaging through browser histories to the extent that web sites can now find out what articles a user has recently read on news sites, their exact postcode and which search terms they have entered into search engines. The developers, Artur Janc and Lukasz Olejnik, have reworked their JavaScript code so that it carries out history stealing six times faster than previous methods.
History stealing makes use of the way browsers record whether users have previously clicked on a link (a simple online test is available). Previously clicked links are displayed in a different colour to links to pages which have not yet been visited. The colour difference comes from the style sheet (CSS) applied to the HTML page, which styles each link according to whether the browser's history marks it as visited. JavaScript can be used to go through a list of potential web sites, check the colour the style sheet has given each link and work out which web sites have been visited. The longer the list, the greater the chance of scoring a hit. The refined JavaScript code allows a web site to test 30,000 links per second.
There are also methods for accessing browser history which do not make use of JavaScript. These take advantage of the ability to use style sheets to load different background images depending on whether or not a web site has previously been visited. An attacker can query a user's history without using JavaScript by using crafted HTML pages and observing which images the web pages load. Janc and Olejnik have also included this method in their test; they claim it works even where JavaScript is disabled and plug-ins like NoScript are installed.
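As an added example (not code from Janc and Olejnik or from the original article), the following JavaScript audits a stylesheet for `:visited` rules that do more than change a colour, which is the behaviour both techniques described above depend on. The function name, the allowlist of colour-only properties and the sample stylesheet are assumptions made for illustration.

```javascript
// Added example: flag :visited rules that expose more than a colour change.
// Colour-only properties that current browsers still honour on :visited.
const COLOUR_ONLY = new Set([
  "color", "background-color", "border-color", "border-top-color",
  "border-right-color", "border-bottom-color", "border-left-color",
  "outline-color", "column-rule-color", "text-decoration-color",
  "text-emphasis-color", "fill", "stroke",
]);

function auditVisitedRules(cssText) {
  const findings = [];
  const css = cssText.replace(/\/\*[\s\S]*?\*\//g, ""); // strip comments
  const ruleRe = /([^{}]+)\{([^{}]*)\}/g; // innermost "selector { decls }"
  let m;
  while ((m = ruleRe.exec(css)) !== null) {
    const selector = m[1].trim();
    if (!/:visited\b/i.test(selector)) continue;
    // Split on ';' but not inside parentheses, so url(data:...;base64,...) survives.
    const decls = m[2].match(/(?:[^;(]|\([^)]*\))+/g) || [];
    for (const decl of decls) {
      const idx = decl.indexOf(":");
      if (idx < 0) continue;
      const prop = decl.slice(0, idx).trim().toLowerCase();
      const value = decl.slice(idx + 1).trim();
      const fetches = /url\s*\(/i.test(value);
      if (!fetches && COLOUR_ONLY.has(prop)) continue;
      // url(...) makes the visit visible to the server without any script;
      // other properties change state that script could read back.
      const channel = fetches ? "network-observable" : "script-observable";
      findings.push({ selector, prop, value, channel });
    }
  }
  return findings;
}

// Constructed sample stylesheet (hypothetical host and paths).
const SAMPLE_CSS = `
a:visited { color: purple; }
a[href="https://news.example/article-1"]:visited { background-image: url(/hit?u=article-1); }
#probe a:visited { display: none; }
a:link { background: url(/static/icon.png); }
`;

for (const f of auditVisitedRules(SAMPLE_CSS)) {
  console.log(`${f.channel}: ${f.selector} { ${f.prop}: ${f.value} }`);
}
```

The parser is a regex scan intended for reviewing third-party or user-supplied CSS; it treats shorthands such as `background` conservatively and reports them even when they only carry a colour.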
The link for this article located at H Security is no longer available.