Skip to Content

Monthly Archives: July 2011

Searching session cookies and click-streams

Written on July 31, 2011 at 1:06 pm, by

In our paper on Google’s session cookie information leakage, Vincent Verdot and I described how to captures SID cookies on a shared network and run the attack with Firesheep (see the previous post). Nevertheless, there are other ways to capture such cookies. For instance one could use malware to capture search traffic, but the simplest […]

Show me your Cookie and I’ll tell you what you visited

Written on July 19, 2011 at 9:34 pm, by

Web Search History Information Leakage Back in February, I re-discovered a small flaw in Google Search: result personalization leaks the list of results you clicked on. This leak was already known and mentioned in a paper by Castelluccia et al., but several features added by Google made it critical. First there is the possibility (for […]