You Have Been There

22. July, 2009

The first step in an attack is to gather information. You’re probably browsing with Firefox, have all the usual plugins installed (AdBlock Plus, NoScript), you’ve disabled cookies and you think you’re safe.

Security doesn’t work like that. Let me give you an example. You may already know that servers save little bits of information on your computer to recognize you when you return. Cookies.

But there is another way to know where you’ve been. Can you guess it? No? Look at the links. Still nothing? The color? It changes after visiting a site?

So all a site has to do is use a piece of JavaScript (and almost every site on the ‘net needs JS these days) to examine the color of your links. Gotcha.

Next time, disable your browser history, too. And the cache. And the proxy. And JavaScript. Better yet, don’t start your browser anymore.
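To make the link-color leak concrete, here is an added example that is not part of the original post: a toy model (no real DOM; `makeBrowser`, `linkColor`, `learnedByPage` and all URLs are made up for illustration) comparing a browser that reports the true link color to script with one that always reports the unvisited color.

```javascript
// Added illustration: a toy model, not real browser internals or a real DOM API.
const UNVISITED = "rgb(0, 0, 238)"; // classic default link blue
const VISITED = "rgb(85, 26, 139)"; // classic default visited purple

// Canonicalize so "https://forum.example" and "https://forum.example/" match.
const canon = (url) => new URL(url).href;

// makeBrowser is hypothetical: it holds a private history and answers one
// question from page script: "what color is the link to this URL?"
function makeBrowser(history, { hideVisited }) {
  const seen = new Set(history.map(canon));
  return {
    linkColor(url) {
      // Hardened mode: script is always told the unvisited color,
      // so the answer no longer depends on the private history.
      if (hideVisited) return UNVISITED;
      return seen.has(canon(url)) ? VISITED : UNVISITED;
    },
  };
}

// What a page learns by comparing each candidate link's color to the default.
function learnedByPage(browser, candidates) {
  return candidates.filter((url) => browser.linkColor(url) !== UNVISITED);
}

// Constructed sample data: the user's history and the links a page renders.
const history = ["https://bank.example/login", "https://forum.example"];
const candidates = [
  "https://bank.example/login",
  "https://news.example/",
  "https://forum.example/",
];

const leaky = makeBrowser(history, { hideVisited: false });
const hardened = makeBrowser(history, { hideVisited: true });

console.log("leaky browser reveals:   ", learnedByPage(leaky, candidates));
console.log("hardened browser reveals:", learnedByPage(hardened, candidates));
```

Note that cookies never appear in the model: the leak comes entirely from history-dependent styling being readable by script.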
