On 22/08/11 20:08, stringer@xxxxxxxxxxx wrote: > "The JonDoFox research team has uncovered a new attack on web > browsers: Affected are the web browsers Firefox, Chrome and Safari. > By a hidden call over of a URL with HTTP authentication data, third > party sites could track a user over several web sites, even if the > user blocks all cookies and other tracking procedures. For doing > this, it is sufficient to include a simple CSS file: > <link rel="stylesheet" type="text/css" > "http://Session:638431048@xxxxxxxxxxxx/auth.css.php";> FWIW, there are many ways to track a browser cross-site and across restarts, even if you have javascript and cookies and flash cookies disabled. I recently blogged about a bunch of them which abuse the browser cache here: https://grepular.com/Preventing_Web_Tracking_via_the_Browser_Cache -- Mike Cardwell https://grepular.com/ https://twitter.com/mickeyc Professional http://cardwellit.com/ http://linkedin.com/in/mikecardwell PGP.mit.edu 0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ tor-talk mailing list tor-talk@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk