When a URL is found whose color value matches the known value, it is identified
as one that the victim has visited and the JavaScript can send this information on to the
attacker.
The main limitation to this attack is that it requires the attacker to compile a list of
URLs she wants to check beforehand. This is because the JavaScript code is not capable
of reading the victim's entire browsing history directly from the browser, but is capable
of checking only against a hard-coded list of URLs. However, even this restriction does
not truly limit the privacy invasion of this attack, because attackers are often looking for
targeted information about a victim. For example, consider the case of a phisher wishing
to see what bank a victim uses. With this attack, the attacker could build a list of several
online banking institutions and then see which one the victim has visited. The attacker
could then target future phishing e-mails to the client based on this information.
This attack is relatively easy for an attacker to perform. Zane Lackey of iSEC Partners
has published a tool based on Jeremiah Grossman's proof of concept code. This tool can
be used by an attacker using the following steps:
1.