Vulnerability Development: Re: a method for bypassing cookie restrictions in web browsers

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

Re: a method for bypassing cookie restrictions in web browsers

From: Kevin Fu <nospam-google-me () MIT EDU>
Date: Tue, 20 Jan 2004 11:34:09 -0500

Felten and Schneider showed how to determine whether a user had
visited a given site by using web caching and timing measurements.
Although it was probabilistic, the attack allowed a third party to determine
whether a user had visited a given web site.

http://citeseer.nj.nec.com/felten00timing.html

-Kevin Fu


>This does appear to be a known way of tracking web users without
>using cookies:
>http://sourcefrog.net/projects/meantime/
>
>>
>> Any thoughts? Is the technique something new?

By Date By Thread

Current thread:

a method for bypassing cookie restrictions in web browsers Michal Zalewski (Jan 19)
- Re: a method for bypassing cookie restrictions in web browsers Dave McKinney (Jan 19)
  - Re: a method for bypassing cookie restrictions in web browsers Michal Zalewski (Jan 21)
  - [Full-Disclosure] Re: a method for bypassing cookie restrictions in web browsers Michal Zalewski (Jan 21)
- <Possible follow-ups>
- Re: a method for bypassing cookie restrictions in web browsers Kevin Fu (Jan 20)