Check out www.safehistory.com for a solution to visited-link-basedtracking
techniques.
On 9/29/06, Chris Hofmann <chofmann@mozilla.org> wrote:>>> I've filed>
https://bugzilla.mozilla.org/show_bug.cgi?id=354861 for> tracking the
investigation in Firefox.>> Chris Hofmann>>> Billy Hoffman wrote:>> SPI Labs
has discovered a practical method of using JavaScript to detect the> search
queries a user has entered into arbitrary search engines. All the> code needed
to steal a user's search queries is written in JavaScript and> uses Cascading
Style Sheets (CSS). This code could be embedded into any> website either by the
website owner or by a malicious third party through a> Cross-site Scripting
(XSS) attack. There it would harvest information about> every visitor to that
site.>>>>>> Possible uses:>> -HMO's website could check if a visitor has been
searching other sites about> cancer, cancer treatments, or drug rehab
centers.>> -Advertising networks could gather information about which topics
someone is> interested based on their search history and use that to echance
their> customer databases.>> -Government websites could see if a visitor has
been searching for> bomb-making instructions.>>>> SPI has published a
whitepaper about this technique and has also release> proof of concept code
that will steal search engine queries. Works solid in> Firefox, and IE support
is a little shaky on multi word queries.>>>> Whitepaper:>
http://www.spidynamics.com/assets/documents/JS_SearchQueryTheft.pdf>> Proof of
Concept:> http://www.spidynamics.com/spilabs/js-search/index.html>>>> Have
fun,>> Billy Hoffman>> -->> Lead R&D Engineer>> SPI Dynamics â
http://www.spidynamics.com>> Phone: 678-781-4800>> Direct:
678-781-4845>_______________________________________________Full-Disclosure -
We believe in it.Charter:
http://lists.grok.org.uk/full-disclosure-charter.htmlHosted and sponsored by
Secunia - http://secunia.com/
