Browser-uniqueness.pdf (application/pdf Object)

Announcing "Browser Security Handbook"
Posted by Michael Zalewski, Security Team.
Many people view the task of writing secure web applications as a very complex challenge - in part because of the inherent shortcomings of technologies such as HTTP, HTML, or JavaScript, and in part because of the subtle differences and unexpected interactions between various browser security mechanisms. Through the years, we found that having a full understanding of browser-specific quirks is critical to making sound security design decisions in modern Web 2.0 applications. For example, the same user-supplied link may appear to one browser as a harmless relative address, while another could interpret it as a potentially malicious JavaScript payload.

EFF Publishes Study On Browser Fingerprinting.

BrowserSpy.dk.

Main - browsersec - Browser Security Handbook landing page - Browser Security Handbook.

Browsers' private modes leak info, say researchers.
News August 10, 2010 12:54 PM ET Computerworld - Browsing in "private mode" isn't as private as users think, a researcher said today.
"There are some traces left behind [by all browsers] that could reveal some of the sites that you've been to," said Collin Jackson, an assistant research professor at the Silicon Valley campus of Carnegie Mellon University.

Tracking Browsers Without Cookies Or IP Addresses?

Indiscrete web browsers assist de-anonymisation.