web application security lab

Porn, CSS History Hacking, User Recon and Blackmail

Every once in a while it becomes clear that there is a convergence of technologies and of the ecosystem itself where it may be possible to divine the future through the tea leaves. I stumbled across a page that shows how you can measure how many of your visitors look at porn using the CSS history hack. Now let’s take a step back. This is the second time I’ve seen the CSS history hack used in a production environment in just a few weeks, and never before that. Two completely different applications (one for blocking torrent users and this one, presumably just for fun). Two in a few weeks is possibly statistically irrelevant, but it may also point towards a new convergence of interest in this relatively old technique.

Now let’s take some of the stuff that Jabra and I (and others throughout the last several years) have been working on to actually get usernames and even people’s full real names from their computers (here and here). What if you knew that Mr. Conservative Republican Congressman from a Bible Belt constituency was visiting a gay porn site? Suddenly something as simple as a few de-cloaking hacks turns into a perfect way to blackmail someone. I’m not saying it absolutely will happen; I’m saying that we now have enough tools at our disposal, and enough interest converging on anti-privacy techniques, that it wouldn’t take much to turn this into a viable weapon against prominent individuals. The only trick is surfacing the JavaScript payload to the right demographic. XSS anyone?

9 Responses to “Porn, CSS History Hacking, User Recon and Blackmail”

  1. Nick Says:

    I was actually mulling over the possibility of using something similar the other day although for different purposes!

    One of our clients has a site and the unique selling point is that they are a “family friendly” site (the main competitors are pretty “not safe for work”). They run AdSense on the site, but due to the content on the site, pick up a lot of ads for adult-orientated sites. They obviously need to filter these out to remain family friendly, but they make the most money through these ads.

    By using a CSS history hack, you could effectively profile a user and tailor the ads to that person’s sensibilities. If they look at porn sites then they surely can’t be offended by seeing more adult-themed adverts.

    I doubt the client would go for it, but it’s an interesting idea!

  2. João Maurício Says:

    Another possibility is to discover, for example, Facebook profiles. I’m really in a rush right now, but I think it’s easy to realise how to do it.

    Cheers for the post!

  3. Shock Marketer Says:

    Well, I’ve been using the hack quite a while for advertising analytics. It’s so useful. Block competitors, show proper LPs to the right demographic, etc. They’ve barely scraped the surface with this - believe me.

  4. Filterer Says:

    Well, if you make a site which makes fun of browser security you had better be damn sure your website isn’t open to XSS.

    Oops!

  5. Hannibal Says:

    The one who uses company resources or shared resources to visit gay sites, or other sites that would rather go unnoticed, deserves to be blackmailed :P :DD

  6. Mr. Tripod Says:

    Interesting post. Instead of blackmailing for porn, could you use this to see if someone’s browser was compromised? Maybe put it on the intranet and look for cnxns to .cn or .ru?

  7. HeresTomWithTheWeather Says:

    An easy way to reach the right demographic is to tweet a relevant hashtag and include a TinyURL.

  8. Flam Says:

    Oh lord.
    This article is amazing yet frightening.

  9. mRt Says:

    Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/caught/public_html/index.php on line 241

    Nice warning anyway…