Tuesday, August 10, 2010

Web add-ons compromise 'private browsing'

A study by Dan Boneh of Stanford University claims that many browser add-ons or website security measures stop the 'private browsing' mode from working correctly.

Boneh and team examined the private browsing functions on Mozilla's Firefox, Microsoft Internet Explorer, Google Chrome and Apple's Safari and discovered all four were affected. Moreover, they discovered that all browsers retained the generated key pair even after private browsing ends which could leak the site's identity to an attacker.
"We found that private browsing was more popular at adult web sites than at gift shopping sites and news sites, which shared a roughly equal level of private browsing use," Boneh said in the report.

"This observation suggests that some browser vendors may be mischaracterising the primary use of the feature when they describe it as a tool for buying surprise gifts."

Boneh and his researchers say they believe they are the first to show that 'private browsing' can be compromised.

See full article at PC Advisor. Related articles appear at THIN!.co.uk and BBC NEWS.