Browser 'privacy modes' not so private after all
PC World - All the major web browsers have a privacy mode that's supposed to cover a user's tracks after he or she finishes an Internet session, but a trio of researchers has found that those modes fail to purge all traces of a Net surfer's activities.
For instance, Mozilla Firefox has something called a "custom handler protocol" that creates URLs that hang around even after a user leaves privacy mode.
Internet Explorer also blows a user's cover in privacy mode when it initiates SMB requests with a Web server. "Even if the user is behind a proxy, clears the browser state, and uses InPrivate, SMB connections identify the user to the remote site," the researchers--Gaurav Aggarwal and Dan Boneh, of Stanford University, and Colin Jackson, of Carnegie Mellon University--wrote in a paper scheduled to be presented next week at the Usenix Security Symposium in Washington, D.C.
However, the trio found that the SMB flaw may be negligible because many ISPs filter SMB port 445.
They also raised a red flag about the potential for browser add-ons to undermine privacy modes. "Browser add-ons (extensions and plug-ins) pose a privacy risk to private browsing because they can persist state to disk about a user's behavior in private mode," the researchers wrote.
"The developers of these add-ons may not have considered private browsing mode while designing their software and their source code is not subject to the same rigorous scrutiny that browsers are subjected to," they added.
The researchers also discovered a way for Webmasters to determine if a user was accessing their site in privacy mode. They acknowledged, however, that the technique exploited an attack that had already been fixed in Safari, was soon to be shut down in Firefox and was expected to be closed up soon in IE and Chrome.
The bottom line from the trio's travails: don't do anything in privacy mode that you wouldn't do with the boss looking over your shoulder.