Various browsers have serious privacy leaks!

Howdy malware fighters,

This has just been reported a serious privacy leakage in all browsers through Javascript Math.random function and boundary string that leak info. Re: http://www.trusteer.com/files/Temporary_User_Tracking_in_Major_Browsers.pdf
This surpasses IE’s InPrivate mode, Firefox’s Private Browsing, Safari’s Private Browsing en Chrome’s Incognito mode completely and utterly.
Only NoScript protects us here for all the sites you have blocked with the extension,

polonus

Thanks pol^^

CAnt believe it surpassed FF’s Private browsing…

-AnimeLover^^


I see no mention of Opera in the list in your post.


From the document:

• Opera (all versions up to and including 9.63 and 10-alpha) probably on all platforms. According to Opera’s security team, Opera is vulnerable to the attacks described in this document. Opera was not included in the research conducted by the author, and therefore Opera is not covered in this document.

I also nearly missed it :slight_smile:

Thanks for the document, polonus!

yours
onlysomeone


Thanks for the answer, onlysomeone. :slight_smile:

Yes, I missed it. ::slight_smile:


And from the summary section of the document:
“Opera – fixed in Opera 9.64
(http://www.opera.com/docs/changelogs/windows/964/ “Fixed a moderately
severe issue; details will be disclosed at a later date”), released on March 3rd
2009. The detailed Opera advisory is to be made available at
http://www.opera.com/support/kb/view/927/ simultaneously with this paper.
Also fixed in Opera 10beta.”

So we Opera users can breath a sigh of relief. Other browsers don’t seem to have acted so quickly…

^^FF is now 3.0.11^^

So they acted quickly^^

;D

-AnimeLover^^

These “private” modes are useless imo and i never use them. As long as you have to leave IP address as part of communications, all the cookies and stuff are totally minor stuff.
Besides, Private modes were designed just so you don’t lave traces in browser for other users to see.
For example if you’re browsing Pr0n pages and you don’t want that to end up in the history of the browser…