Timing is Everything — the Importance of History Detection

by Gunnar Kreitz

European Symposium on Research in Computer Security (ESORICS) 2011, LNCS 6879


In this work, we present a Flow Stealing attack, where a victim's browser is redirected during a legitimate flow. One scenario is redirecting the victim's browser as it moves from a store to a payment provider. We discuss two attack vectors.

Firstly, browsers have long admitted an attack allowing a malicious web page to detect whether the browser has visited a target web site by using CSS to style visited links and read out the style applied to a link. For a long time, this CSS history detection attack was perceived as having small impact. Lately, highly efficient implementations of the attack have enabled malicious web sites to extract large amounts of information. Following this, browser developers have deployed measures to protect against the attack. Flow stealing demonstrates that the impact of history detection is greater than previously known.

Secondly, an attacker who can mount a man-in-the-middle attack against the victim's network traffic can also perform a flow stealing attack.

Noting that different browsers place different restrictions on cross-frame navigation through JavaScript window handles, we suggest a stricter policy based on pop-up blockers to prevent Flow Stealing attacks.

Keywords. Web Security, Flow Stealing, CSS History Detection



This paper has been published on this web site under a Creative Commons license. Subsequently, the copyright to the conference version was assigned to Springer Verlag.

Creative Commons License
Timing is Everything — the Importance of History Detection by Gunnar Kreitz is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.