New Take on an old CSS History Hack
Okay, maybe it’s not old yet, but Jeremiah’s CSS history hack has now been expanded by SPI Dynamics into a new way to learn information about your users. SPI Dynamics showed that you can guess Google search terms by enumerating through potential query string parameters. Although the math works out, the demo isn’t a particularly good example of how to do this; it seems a little buggy.
This could be particularly interesting if you are a marketing person and you want to do ultra-targeted advertising on your website given the search terms that the user has already used. Obviously there is a big chance you won’t find anything at all, but by knowing what the referring URL is you might be able to limit your searching to a small minority of interesting search terms that are valuable to market to. I always knew the root of all evil was marketing.
Here are my own mitigating factors (I’m sure there are more but this is just me personally). First of all I had JavaScript turned off. Next, I had Safe history’s cross domain restrictions. Lastly, I don’t use Google. Ouch! But the idea is the same and I’m certainly in some bizarre ultra-small group of internet users who should be locked up and studied, but the point is that this is very possible. Nice work from the SPI guys. See? I’m not such an ass.



September 30th, 2006 at 2:06 am
I tried this a while back, when I first read about the history hack and it’s not too exciting. You have to test for an insane amount of links to get anything. I don’t know if this is feasible, but I guess it probably isn’t.
The SPI script didn’t find any of my queries both at Google and Yahoo. Example url:
http://www.google.com/search?num=50&hs=pxu&hl=en&lr=&safe=off&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&q=viagra&btnG=Search
First, there are lots of parameters. Second, there’s the order of parameters. Third, ccTLDs of the engines. It’s a lot of permutations. Maybe with some data mining on previous usage data, you can get some sufficiently common URLs to use with this.
September 30th, 2006 at 1:04 pm
That’s exactly what I was thinking… if you already had a referring URL with Google in it you might be able to infer more information like how it would be constructed. I wouldn’t bet money on it, but theoretically it’s possible.
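The trade-off discussed in the post and the two comments above, worked through as an added example (not code from the post, the commenters or SPI Dynamics): it counts how many exact URLs would have to be checked for the commenter's sample search URL, with and without a known URL template. The host-variant count, term-list size and values-per-parameter figures are constructed assumptions, and the blind figure is a lower bound because it treats all nine parameters as always present.

```javascript
// Added example: sizes the exact-match URL space for the sample URL quoted
// in the first comment. A visited-link check only matches the exact URL,
// so parameter order and every parameter value matter.
const SAMPLE_URL =
  "http://www.google.com/search?num=50&hs=pxu&hl=en" +
  "&lr=&safe=off&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial" +
  "&q=viagra&btnG=Search";

// Constructed assumptions, not values from the page.
const ASSUMED = {
  hostVariants: 3,      // hypothetical number of ccTLD hosts considered
  candidateTerms: 1000, // hypothetical list of search terms of interest
  valuesPerParam: 2,    // hypothetical plausible values per non-query parameter
};

function factorial(n) {
  let result = 1n;
  for (let i = 2n; i <= BigInt(n); i++) result *= i;
  return result;
}

// Parameter names in the order they appear in the URL.
function paramNames(url) {
  return [...new URL(url).searchParams.keys()];
}

// No template known: every host variant, every ordering of the parameters,
// every assumed value of each parameter other than q, and every term.
function blindSpace(url, a) {
  const n = paramNames(url).length;
  return BigInt(a.hostVariants) * factorial(n) *
    BigInt(a.valuesPerParam) ** BigInt(n - 1) * BigInt(a.candidateTerms);
}

// Template known (for example from a referring URL): only q varies.
function templateSpace(a) {
  return BigInt(a.candidateTerms);
}

function report(url, a) {
  const blind = blindSpace(url, a);
  const known = templateSpace(a);
  return { params: paramNames(url).length, blind, known, ratio: blind / known };
}

console.log(report(SAMPLE_URL, ASSUMED));
```

The nine orderable parameters alone contribute a factor of 362,880, which is why a blind check finds nothing while a known template reduces the problem to the size of the term list.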
October 6th, 2006 at 3:28 am
[…] Well, SPI made vnunet.com with their search engine query guessing thingie, but it’s really not that practical, it’s nothing new and comparing it to the AOL thing seems a bit silly. No such thing as bad publicity I guess. Also out this week are a more in-depth view at ZERT’s latest patch (there was some discussion whether it was just an automated workaround or a “real” patch, see for yourself) and this paper on issues with the registration of binary formats within the Linux kernel, allowing the insertion of infection modules into kernel-space, which sounds cool but which I’ve been trying to get to load for 2 days now. I hope PSS updates soon. […]