Monthly Archives: December 2010

What You Should Know About History Sniffing

History Sniffing is a term used for Web sites that run simple Javascript tricks to snoop into visitors’ Web browsing history. These tricks are nothing new, but they are in the news again, so it’s a good time to remind you about ways to combat this sneaky behavior.

The recent news is based on a study released by University of California, San Diego researchers who found that a number of sites were “sniffing” the browsing history of visitors to record where they’d been.

This reconnaissance works because browsers display links to sites you’ve visited differently than ones you haven’t: By default, visited links are purple and unvisited links are blue. History-sniffing code running on a Web page simply checks to see if your browser displays links to specific URLs as purple or blue.

These are not new discoveries, but the fact that sites are using this technique to gather information from visitors seems to have caught many by surprise.

As has been broadly reported for months, Web analytics companies are starting to market products that directly take advantage of this hack. Eric Peterson reported on an Israeli firm named Beencounter that openly sells a tool to Web site developers to query whether site visitors had previously visited up to 50 specific URLs.

Fortunately, the browser makers (most of them) have responded. These sniffing attacks do not appear to work against the latest versions of Chrome and Safari. Within Mozilla Firefox, these script attacks can be blocked quite easily using a script-blocking browser plugin, such as the Noscript add-on.

Mozilla addressed this history-sniffing weakness in a bug report that persisted for eight years and was only recently corrected, but the changes won’t be rolled into Firefox until version 4 is released. As a result, current Firefox users still need to rely on script blocking to stop this.

Internet Explorer currently does not have a simple way to block scripts from within the browser (yes, users can block Javascript across the board and add sites to a whitelist, but that whitelist lives several clicks inside of the IE options panel).

So the safest browsers to guard you against History sniffing would be Chrome and Safari.

adapted via

  • 12/08/2010
  • IT

Top Malware for November – Drive-by downloads and fake archives list

By far the biggest threat to users in November was drive-by downloads, attacks that result in malware being downloaded to users’ computers when they visit infected sites.

Below is a brief overview of how these attacks infect computers:

First of all, a user visits an infected site that contains a redirect script. The redirect leads to a script downloader which in turn is used to launch exploits. These breaches allow malicious executable files to penetrate the computer. They are primarily backdoors and Trojans that, if successfully launched, give cybercriminals full control over the infected system. In most cases, users will not be aware of the danger, as all drive-by attacks happen without their knowledge. Redirects are not restricted to sites belonging to cybercriminals but also appear on legitimate sites that have been compromised. This means that regularly installing patches and updates for operating systems and software is the only guarantee of avoiding infection.

Another significant threat in November was the spread of fake archives, an online scam that remains as popular as ever. A user is asked to send premium-rate SMSs so they can access the contents of an archive. Instead of receiving the information they wanted, users normally find that the archive is empty, “corrupt” or, worse, contains a malicious program.

The method for spreading fake archives is highly effective – when users look for something via a search engine, a page is automatically generated with a banner offering the desired information.

  • 12/07/2010
  • IT

Facebook: False Rumors Spread About Cartoon Characters

There are a number of rumors spreading about the purpose of the new cartoon character meme on Facebook, including rumors that the trend was started by a “group of pedophiles” which used the technique to “get children to accept their friend requests faster”. This rumor and others are false.

We also received emails this morning that the new meme was in support of “violence against children”. None of these rumors are true. In November the cartoon character meme began spreading around Facebook and there was no knowledge of the source. While Cartoon Network jumped on board and began promoting the activity via their Facebook page, it isn’t quite sure that they are the original source. Since then, a number of organizations have tried to take advantage of the meme and suggest users switch their profile pic.

The most recent organization was the “Campaign to end violence against children“, although it’s not confirmed that any official organization created this page. In the meantime, the following status update has been spreading around Facebook:

ATTENTION! JUST HEARD THIS on 60MINUTES: if you have a cartoon character set as your default, please romove it. This “support to stop Child Abuse” is a scam. The idea was started by a group of pedophiles to get children to accept their friend requests faster. It was just on TV and will be on the news tonight! Please post this as your status to spread the word and warn others!

The bottom line is that the rumors are false, however that isn’t stopping thousands of users from spreading false information about the cartoon character facebook meme.

Adapted via All FaceBoook

  • 12/06/2010
  • OS