Mining Browsing History With Google Cookie Data 40
mikejuk writes "Recent research reveals details on how Google's SID cookie can be used to discover what websites a user has visited. In principle, the cookie is a low security risk because it doesn't allow acess to any data without authentication — thus it is sometimes transmitted in the clear and easy to intercept. With a little help from Google Search History and the 'Visited Pages' filter, researchers were able to list up to 80% of the pages visited by volunteer victims. Throw into the mix the 'social' filter and you can discover a lot more."
Re:Google (Score:3, Insightful)
Google shouldn't even try to do datamining...
i'm sure the web will just index itself.
Re:Interesting (Score:4, Insightful)
The SID is just Google's "session ID", it doesn't contain browsing data itself. They were just hijacking the session id and using it in Google searches, then looking at the results to try to determine a user's search history based on what Google sent back.
Stealing someone's session cookie and then using it to get information about the victim? This is *definitely* nothing new, and I'm sure there are tons of other sites vulnerable to the same attack...