2 3

Abusing HTTP Status Codes to Expose Private Information grepular.com

in Metrics 324 views

When you visit my website, I can automatically and silently determine if you're logged into Facebook, Twitter, GMail and Digg. There are almost certainly thousands of other sites with this issue too, but I picked a few vulnerable well known ones to get your attention. You may not care that I can tell you're logged into GMail, but would you care if I could tell you're logged into one or more porn or warez sites? Perhaps http://oppressive-regime. Continue Reading

3 minute read

Get more things like this direct to your inbox.

Signup to comment