Floragasse 7 – 5th floor, 1040 Vienna

News

Adrian Dabrowski @ MoST 2016

Adrian Dabrowski gives a talk about “Browser History Stealing with Captive Wi-Fi Portals” at the Mobile Security Technologies (MoST) 2016, held as part of the IEEE Computer Society Security and Privacy Workshops, in conjunction with the IEEE Symposium on Security and Privacy in San José.

Abstract: In this paper we show that HSTS headers and long term cookies (such as those used for user tracking) are so prevailing that they allow a malicious Wi-Fi operator to gain significant knowledge about the past browsing history of users. We demonstrate how to combine both into a history stealing attack by including specially crafted references into a captive portal or by injecting them into legitimate HTTP traffic.

More information can be found here.

This Website uses Cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close