SAN FRANCISCO — Dozens of websites have been secretly harvesting lists of places that their users previously visited online, everything from news articles to bank sites to pornography, a team of computer scientists found.
The information is valuable for con artists to learn more about their targets and send them personalized attacks. It also allows e-commerce companies to adjust ads or prices — for instance, if the site knows you've just come from a competitor that is offering a lower price.
Although passwords aren't at risk, in harvesting a detailed list of where you've been online, sites can create thorough profiles on its users.
The technique the University of California, San Diego researchers investigated is called "history sniffing" and is a result of the way browsers interact with websites and record where they've been. A few lines of programming code are all a site needs to pull it off.
Although security experts have known for nearly a decade that such snooping is possible, the latest findings offer some of the first public evidence of sites exploiting the problem. Current versions of the Firefox and Internet Explorer browsers still allow this, as do older versions of Chrome and Safari, the researchers said.
Monday, December 6, 2010
Browser Flaw Allows Website History Spying
Flaws in many popular browsers allow websites to harvest your history.