
Your Browser History Is Accessible via JavaScript


JavaScript code deployed by various websites and online advertising service providers exploits browser vulnerabilities to determine which sites you have and have not visited, according to new research by computer scientists at the University of California, San Diego.

The researchers documented JavaScript code secretly collecting information about the sites a user has visited through "history sniffing" and sending that information across the network. Although history sniffing and its potential implications for privacy have been discussed and demonstrated before, the new study provides the first empirical analysis of actual history sniffing on the Web.

"Nobody knew if anyone on the Internet was using history sniffing to obtain personal information about the sites users visit. What we were able to show is that it is possible," said UC San Diego computer science professor Hovav Shacham. The computer scientists from the UC San Diego Jacobs School of Engineering presented this study in October at the Computer and Communications Security Conference 2010 (CCS 2010) in a paper entitled "An Empirical Study of Privacy-Violating Information Flows in JavaScript Web Applications".


1. History

History sniffing occurs without your knowledge or permission and relies on the fact that browsers display links to sites you have visited differently from links to sites you have not visited: normally, visited links are purple and unvisited links are blue. History-sniffing JavaScript code running on a Web page checks whether your browser displays links to a particular website address in purple or in blue.

History sniffing can be used by website owners to learn which competitor sites their visitors have or have not visited. It can also be deployed by advertisers to build user profiles, or used by online criminals to collect information for a later phishing attack. For example, learning which bank's site you visit indicates which fake bank page to display during a phishing attack aimed at collecting your bank account login information.

"JavaScript is an amazing thing; the scripting language allows things like Gmail and Google Maps and a stack of Web 2.0 applications, but it has also opened up many security vulnerabilities. We want the public to know that history sniffing is possible, that it is going on out there, and that a lot of people are vulnerable to this attack," said UC San Diego computer science professor Sorin Lerner, as quoted by Physorg (03.12.10).

The latest versions of Firefox, Chrome, and Safari now block the history-sniffing attacks monitored by the computer scientists. However, Internet Explorer does not provide protection against history sniffing. In any case, anyone who is not using the latest, regularly updated version of a browser is also vulnerable to the attack.

2. Knowing History

"We built a dynamic data flow engine for JavaScript to track history sniffing. I do not know of any other practical instrument that could be used to perform such an extensive study," said Jang Dongseok, a UC San Diego computer science Ph.D. student who developed the JavaScript monitoring technology. The researchers plan to expand their research and study what information is leaked by applications on social media and other Web 2.0 sites.

The computer scientists looked for history sniffing on the front pages of the top 50,000 websites according to Alexa's global website ranking. They found that 485 of the top 50,000 sites inspect style properties that can be used to infer the browser's history. Of the 458 sites, 63 transferred the browser's history to the network. "We confirmed that 46 of them actually do history sniffing, any of these sites are in the top 100 Alexa rank," the UC San Diego computer scientists wrote in their CCS 2010 paper.

3. Historical Perspective

The computer scientists say that history sniffing is not as dangerous to your privacy or identity as malicious programs (malware) that can steal your banking information or your entire Facebook profile. However, according to Shacham, "history sniffing allows each site you visit to track your browsing habits on other sites, regardless of whether the two sites have a business relationship or not."

To see how history sniffing works in practice you can visit: http://www.whatthe ... aboutyou.com.

"I think those who have updated or changed their browser may now have to worry about things other than history sniffing, like keeping their Flash plug-in patched to the latest version so that they are not exploited. However, this does not mean that the companies that have been doing history sniffing on the 60 percent of the current user population that is susceptible to it get a free pass," said Shacham.


4. Track the history

UC San Diego's history-sniffing detector analyzes the JavaScript running on a page to identify and label every instance in which the browser history is being checked. The way the system labels each potential history-sniffing activity can be compared to the ink or paint that banks add to bags of stolen money.

"As soon as the JavaScript tries to look at the colors of a link, we immediately put 'paint' on that activity. Several websites gathered the information but never sent it to the network, so all the 'paint' was still in your browser. However, in other cases, we observed the 'paint' being sent to the network, indicating that history sniffing is happening," said Lerner. The computer scientists only counted it as history sniffing if the browser history information was sent over the network to a server.

"We detect when the browser history is checked, collected in the browser and sent over the network from the browser to their servers. What those servers then do with that information is speculation," said Lerner.

The "paint" approach to monitoring JavaScript could be used for more than just history sniffing, Lerner explained. "It can be useful for knowing what information is being leaked by applications on a variety of Web 2.0 sites. Many applications use a lot of JavaScript."
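The labelling scheme described in this section, from the moment a link color is read until the data reaches the network, can be sketched as a small source-to-sink taint tracker. This is an added example, not the UC San Diego engine: the `Tainted` wrapper, `derive`, `readLinkColor`, `makeNetwork` and the `.example` URLs are all hypothetical, and the browser is replaced by a constructed lookup table.

```javascript
// Toy source-to-sink taint ("paint") tracker; every name here is hypothetical.
class Tainted {
  constructor(value, labels) { this.value = value; this.labels = new Set(labels); }
}
const labelsOf = (v) => (v instanceof Tainted ? v.labels : new Set());
const raw = (v) => (v instanceof Tainted ? v.value : v);

// Propagation: a derived value carries the union of its inputs' labels.
function derive(fn, ...args) {
  const labels = new Set(args.flatMap((a) => [...labelsOf(a)]));
  const out = fn(...args.map(raw));
  return labels.size ? new Tainted(out, labels) : out;
}

// Constructed stand-in for the browser: URL -> color the link is drawn in.
const VISITED = 'rgb(128, 0, 128)';
const UNVISITED = 'rgb(0, 0, 255)';
const renderedColor = {
  'https://bank.example/': VISITED,
  'https://shop.example/': UNVISITED,
};

// Source: reading a link's color applies the "paint".
function readLinkColor(url) {
  return new Tainted(renderedColor[url], [`history:${url}`]);
}

// Sink: painted data reaching a network send is recorded as a finding.
function makeNetwork() {
  const findings = [];
  const send = (dest, payload) => {
    const labels = [...labelsOf(payload)];
    if (labels.length) findings.push({ dest, labels });
  };
  return { send, findings };
}

function runScenario() {
  const net = makeNetwork();
  // Script A inspects a color but keeps the result in the browser: no finding.
  derive((c) => c === VISITED, readLinkColor('https://shop.example/'));
  net.send('https://cdn.example/ping', 'page=home'); // unpainted traffic
  // Script B turns the color into a flag and sends it: paint reaches the sink.
  const flag = derive((c) => (c === VISITED ? '1' : '0'), readLinkColor('https://bank.example/'));
  net.send('https://tracker.example/collect', derive((f) => `seen=${f}`, flag));
  return net.findings;
}

console.log(JSON.stringify(runScenario()));
```

Only the second script produces a finding, which matches the study's rule that inspecting link colors counts as history sniffing only when the derived data leaves the browser.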

Therefore, it is advisable to regularly update the browser you use, for the sake of your security and privacy on the Internet.
