Vulnerability Development mailing list archives
Re: a method for bypassing cookie restrictions in web browsers
From: Kevin Fu <nospam-google-me () MIT EDU>
Date: Tue, 20 Jan 2004 11:34:09 -0500
Felten and Schneider showed how to determine whether a user had visited a given site by using web caching and timing measurements. Although it was probabilistic, the attack allowed a third party to determine whether a user had visited a given web site. http://citeseer.nj.nec.com/felten00timing.html -Kevin Fu >This does appear to be a known way of tracking web users without >using cookies: >http://sourcefrog.net/projects/meantime/ > >> >> Any thoughts? Is the technique something new?
Current thread:
- a method for bypassing cookie restrictions in web browsers Michal Zalewski (Jan 19)
- Re: a method for bypassing cookie restrictions in web browsers Dave McKinney (Jan 19)
- Re: a method for bypassing cookie restrictions in web browsers Michal Zalewski (Jan 21)
- [Full-Disclosure] Re: a method for bypassing cookie restrictions in web browsers Michal Zalewski (Jan 21)
- <Possible follow-ups>
- Re: a method for bypassing cookie restrictions in web browsers Kevin Fu (Jan 20)
- Re: a method for bypassing cookie restrictions in web browsers Dave McKinney (Jan 19)