Abusing HTTP Status Codes to Expose Private Information

When you visit my website, I can automatically and silently determine if you’re logged into Facebook, Twitter, GMail and Digg. There are almost certainly thousands of other sites with this issue too, but I picked a few vulnerable well known ones to get your attention. You may not care that I can tell you’re logged into GMail, but would you care if I could tell you’re logged into one or more porn or warez sites? Perhaps http://oppressive-regime.example.org/ would like to collect a list of their users who are logged into http://controversial-website.example.com/?

Continuar a ler o artigo

Previous Article

WikiLeaks founder Assange slams Swiss banker arrest

Next Article

Operation: Egypt - #opegypt

View Comments (4)

Comments are closed.

Ver
Esconder