User:Sidstamm/CSS History Sniffing Links
From MozillaWiki
UCSD paper: http://cseweb.ucsd.edu/~hovav/papers/jjls10.html (Identifies sites that use getComputedStyle() on a link and then transmit the result somewhere). This paper identifies a large number of top sites that use getComputedStyle() either on their own or through the help of a third party information gathering service.
CSS History Snooping (bug 147777)
Webkit Bug: https://bugs.webkit.org/show_bug.cgi?id=24300
Relevant Links:
- http://browser-recon.info
- http://browserspy.dk/css-exploit.php
- http://www.azarask.in/blog/post/socialhistoryjs/
- http://ha.ckers.org/blog/20070228/steal-browser-history-without-javascript/
- http://startpanic.com
- http://web2.0collage.com/
- http://securethoughts.com/2009/07/hacking-csrf-tokens-using-css-history-hack/
- http://whattheinternetknowsaboutyou.com/
- http://ha.ckers.org/blog/20091008/css-history-hack-used-to-ban-torrent-users/
- http://caughtyouwatching.com/
- http://draketo.de/light/english/your-browser-history-can-be-sniffed-64-lines-python-tested-firefox-353
- http://didyouwatchporn.com/
- http://ha.ckers.org/blog/20100125/css-history-hack-in-firefox-without-javascript-for-intranet-portscanning/
- http://whattheyknow.cs.wpi.edu/
- http://www.cssfingerprint.com/
- http://www.niallkennedy.com/blog/2008/02/browser-history-sniff.html
- http://www.beencounter.com/
- http://www.haveyourfriendsbeenthere.com/
- http://33bits.org/2010/02/18/cookies-supercookies-and-ubercookies-stealing-the-identity-of-web-visitors/#comment-1080
- http://arstechnica.com/security/2014/06/theyre-ba-ack-browser-sniffing-ghosts-return-to-haunt-chrome-ie-firefox/