Internet Explorer Vulnerable To Browser History Hijacking

Researchers found that 1% of the worlds most popular websites can force Microsofts IE to reveal every past website visited unless private browsing controls are enabled.

(click image for larger view)
Slideshow: How Firesheep Can Hijack Web Sessions
Is your browser history safe? According to security researchers, attackers -- or just curious websites -- can sniff every website previously visited by your browser.
Thats the
warning
from researchers at the University of California at San Diego, who studied the use of JavaScript on the worlds 50,000 most popular websites and found that popular Web 2.0 applications like mashups, aggregators and sophisticated ad targeting are rife with different kinds of privacy-violating flows.
For example, researchers found that 485 of those 50,000 websites use code that can deduce a browsers history, 63 transfer the history to their network and 46 completely hijack the browsers history. These sites include Youporn, an adult website thats one of the worlds 100 most popular websites, reports
Alexa
, which ranks websites based on traffic.
Whether used for attack or advertising-related purposes, history sniffing works by forcing a user to visit a website, where a hidden part of the page links to another website. Since browsers display links to visited sites differently, websites practicing history sniffing can use JavaScript to tell if the user has visited the referenced websites in question before.
Beyond history sniffing, the researchers also studied and found multiple examples of related techniques: cookie stealing (using a cookie to see other cookies), location hijacking (using cookie sniffing to force the user to visit a website) and behavior tracking (recording how a user moves the mouse over the screen).
These uses of JavaScript arent just theory. According to the researchers, Tealium and Beencounter sell services that allow a website to collect the browsing history of their visitors using history sniffing. Likewise, numerous websites -- including Microsoft, Wired, Yahoo Japan and YouTube -- use behavior tracking techniques, which allow websites to construct a high-fidelity timeline of how a particular user interfaced with a web page, including clicks, mouse movements and records of copied text.
When it comes to history hijacking, current versions of most browsers -- including Firefox, Chrome and Safari -- are immune, but Internet Explorer is not. To block such attacks, IE users must enable private browsing.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Internet Explorer Vulnerable To Browser History Hijacking