With the success of Web applications, most of our data is now stored on various third-party servers where they are pro-cessed to deliver personalized services. Naturally we must be authenticated to access this personal information, but the use of personalized services only restricted by identifi-cation could indirectly and silently leak sensitive data. We analyzed Google Web Search access mechanisms and found that the current policy applied to session cookies could be used to retrieve users ’ personal data. We describe an at-tack scheme leveraging the search personalization (based on the same sid cookie) to retrieve a part of the victim’s click history and even some of her contacts. We implemented a proof of concept of this attack on Firefo...
Accepted at the 22nd Privacy Enhancing Technologies Symposium (PETS 2022)International audienceState...
User data is the primary input of digital advertising, fueling the free Internet as we know it. As a...
Browser-based defenses have recently been advocated as an effective mechanism to protect potentially...
Abstract. As the amount of personal information stored at remote service providers increases, so doe...
Authentication cookies allow for convenient online user authentication, but potential security prob-...
Modern websites set multiple authentication cookies during the login process to allow users to rema...
The web has become a new, highly interactive medium. Many modern websites provide their users with t...
Nowadays it is easy to track web users among websites: cookies, web bugs or browser fingerprints are...
Summarization: In this paper, we focus on authentication and authorization flaws in web apps that en...
We investigate the subtle cues to user identity that may be exploited in attacks on the privacy of u...
Nowadays, cookies are the most prominent mechanism to identify and authenticate users on the Interne...
Like conventional cookies, cache cookies are data ob-jects that servers store in Web browsers. Cache...
Theft of browser authentication cookies is a serious security problem. Cookies stolen, e.g., by copy...
Many modern websites are built on a "mash-up " of numerous web technologies and libraries....
Browser-based defenses have recently been advocated as an effective mechanism to protect web applica...
Accepted at the 22nd Privacy Enhancing Technologies Symposium (PETS 2022)International audienceState...
User data is the primary input of digital advertising, fueling the free Internet as we know it. As a...
Browser-based defenses have recently been advocated as an effective mechanism to protect potentially...
Abstract. As the amount of personal information stored at remote service providers increases, so doe...
Authentication cookies allow for convenient online user authentication, but potential security prob-...
Modern websites set multiple authentication cookies during the login process to allow users to rema...
The web has become a new, highly interactive medium. Many modern websites provide their users with t...
Nowadays it is easy to track web users among websites: cookies, web bugs or browser fingerprints are...
Summarization: In this paper, we focus on authentication and authorization flaws in web apps that en...
We investigate the subtle cues to user identity that may be exploited in attacks on the privacy of u...
Nowadays, cookies are the most prominent mechanism to identify and authenticate users on the Interne...
Like conventional cookies, cache cookies are data ob-jects that servers store in Web browsers. Cache...
Theft of browser authentication cookies is a serious security problem. Cookies stolen, e.g., by copy...
Many modern websites are built on a "mash-up " of numerous web technologies and libraries....
Browser-based defenses have recently been advocated as an effective mechanism to protect web applica...
Accepted at the 22nd Privacy Enhancing Technologies Symposium (PETS 2022)International audienceState...
User data is the primary input of digital advertising, fueling the free Internet as we know it. As a...
Browser-based defenses have recently been advocated as an effective mechanism to protect potentially...