Home » General Security, Web Security

Browser History Hijacking Flaw

Submitted by on December 9, 2010 – 10:10 PM

Browser history hijacking is a flaw in a web browser that allows certain websites access to all the sites a user has ever visited.  This is a techniques used by sporting, news, movie, financial and porn websites to better place ads and check to see if you have visited any of their competitors.

The information is captured by a script that is executed on the visiting site against your web browser to see if stored links have changed colors.  If the link is a different color, then that indicates a visited sited.

A survey conducted by researchers from University of California at San Diego concluded out of 50,000 most visited websites; nearly 500 of them were capturing browser history from users with porn sites being among the highest offenders.

Modern browsers such as Apple’s Safari, Google’s Chrome and Firefox version 3.6 and above are not vulnerable to the browser history-hijacking flaw.  Internet Explorer unfortunately is vulnerable to browser history hijacking but is able to remediate the issue by turning on “Private Browsing” on the version 8 web browsers only.  You can activate “Private Browsing” in IE8 by either selecting that option from the Safety button at the upper right, or from the Tools menu in the Menu Bar if you have chosen to make that bar visible.

At the very least, this flaw, pose a risk to personal privacy.  Companies or hackers can collect your browsing history without your consent and target you for whatever purpose they what.

If you would like to see if your web browsers are vulnerable to the browser history hijacking flaw, a website has been created to check.  You can click here or paste the URL in yourself: http://whattheinternetknowsaboutyou.com/

In addition, to checking if your web browsers are vulnerable to the history hijacking issue; there is a lot of other useful information on the site to further preserve your web browsing privacy.  Among some are the following:

1. Disable your browser’s history – If you configure your browser to not keep any browsing history, no one will be able to detect which sites you visited.

2. Disable CSS styling of visited links - Remove special rules for displaying visited links, the cost is not immediately knowing which pages you’ve already been to.

3. Use special browser extension to fix the problem – If you are a Firefox 1.5/2 user, you can install the SafeHistory extension to protect yourself against the flaw.

Get the Flash Player to see the wordTube Media Player.

Share

Tags: , ,