Internet Explorer Vulnerable To Browser History Hijacking

How Firesheep Can Hijack Web Sessions

Is your browser history safe? According to security researchers, attackers -- or just curious websites -- can "sniff" every website previously visited by your browser.

That's the warning from researchers at the University of California at San Diego, who studied the use of JavaScript on the world's 50,000 most popular websites and found that "popular Web 2.0 applications like mashups, aggregators and sophisticated ad targeting are rife with different kinds of privacy-violating flows."

For example, researchers found that 485 of those 50,000 websites use code that can deduce a browser's history, 63 transfer the history to their network and 46 completely hijack the browser's history. These sites include Youporn, an adult website that's one of the world's 100 most popular websites, reports Alexa , which ranks websites based on traffic.

Whether used for attack or advertising-related purposes, history sniffing works by forcing a user to visit a website, where a hidden part of the page links to another website. Since browsers display links to visited sites differently, websites practicing history sniffing can use JavaScript to tell if the user has visited the referenced websites in question before.

Beyond history sniffing, the researchers also studied and found multiple examples of related techniques: cookie stealing (using a cookie to "see" other cookies), location hijacking (using cookie sniffing to force the user to visit a website) and behavior tracking (recording how a user moves the mouse over the screen).

These uses of JavaScript aren't just theory. According to the researchers, "Tealium and Beencounter sell services that allow a website to collect the browsing history of their visitors using history sniffing." Likewise, numerous websites -- including Microsoft, Wired, Yahoo Japan and YouTube -- use behavior tracking techniques, which allow websites to "construct a high-fidelity timeline of how a particular user interfaced with a web page," including clicks, mouse movements and records of copied text.

When it comes to history hijacking, current versions of most browsers -- including Firefox, Chrome and Safari -- are immune, but Internet Explorer is not. To block such attacks, IE users must enable "private browsing."