Sunday, July 25, 2010

Ways to snoop 'private' web sessions identified

Furtive web surfers might not be able to rely on their web browser's private mode to hide their tracks.

Most web browsers offer a private mode, intended to leave no trace of surfing history on the computer. But Collin Jackson at Carnegie Mellon University in Pittsburgh, Pennsylvania, and colleagues, have found ways to detect which sites were visited with the mode enabled.

For example, many banking websites encrypt their data for security reasons by automatically establishing a secure key with the user's computer – but even if private browsing is enabled, details relating to the key remain stored on the computer's hard drive, allowing a hacker to establish that a particular site had been visited. A hacker could "guess what sites you've been to based on traces left behind", says Jackson.

These attacks on privacy "do not require a great deal of technical sophistication and could easily be built into forensics tools", he adds.
By Gareth Morgan/continue reading
Share/Save/Bookmark

No comments: