Lumension® Endpoint Intelligence Center

HTTPS can be set as your super-cookie

2015/01/06

The Register - (International) A researcher demonstrated that the HTTP Strict Transport Security (HSTS) mechanism in HTTPS can be used by a malicious Web site to track which Web sites a user has visited, because HSTS creates a unique identifier to remember preferences for HTTPS sites. HSTS identifiers can be cleared in the Chrome, Firefox, and Opera browsers and are not used in Internet Explorer, but they cannot be cleared in the Safari browser, where they also sync with the iCloud service.

Source: http://www.theregister.co.uk/2015/01/06/https_can_be_set_as_your_supercookie/

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:23:00