Don’t Let Your Bank Account Be Exploited!
February 9, 2008 Posted by James Oliver
In the early part of 2007, a friend of mine was one of the speakers at the MySQL convention in Las Vegas (I believe). While attending, he was able to listen to speakers from companies like Google, Yahoo, etc.
One of the things he learned and brought back to me was an exploit using JavaScript that allows a website owner to check a visitor's visited links (browser history) for specific websites. This can be useful for seeing whether visitors have been to a competitor's site, and you could even redirect them to a page that compares you against that competitor.
However, a more sinister and likely use by a less-than-ethical webmaster might be to check for banking institutions (Chase, Bank of America, PayPal, etc.) to see which ones you visit. Once they have this information, they'll know which site to use when targeting you.
This script could be loaded into a 1px X 1px iframe within a page and never even noticed by the end-user.
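To check a page you run or rely on for this kind of hiding place, the following added example (not from the original post) scans HTML for iframes that are 1px or smaller or hidden with CSS. The function names and sample URLs are assumptions made for illustration, and the regex scan is an audit aid rather than a full HTML parser.

```javascript
// Audit aid: list iframes a visitor could not see. Names and sample data are constructed.
const MAX_VISIBLE_PX = 1; // 1px or less in either dimension counts as invisible

// Pull attribute name/value pairs out of one <iframe ...> opening tag.
function parseAttributes(tag) {
  const attrs = {};
  const re = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;
  let m;
  while ((m = re.exec(tag)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4];
  }
  return attrs;
}

// Read a pixel size from the inline style first, then from the width/height attribute.
function dimension(attrs, name) {
  const pattern = "(?:^|;)\\s*" + name + "\\s*:\\s*([0-9.]+)\\s*(?:px)?\\s*(?:;|$)";
  const fromStyle = new RegExp(pattern, "i").exec(attrs.style || "");
  if (fromStyle) return parseFloat(fromStyle[1]);
  if (/^[0-9.]+(px)?$/i.test(attrs[name] || "")) return parseFloat(attrs[name]);
  return null; // not specified, or a relative size such as 100%
}

// Return one finding per iframe that is tiny or hidden through CSS.
function findHiddenIframes(html) {
  const findings = [];
  const tagRe = /<iframe\b[^>]*>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = parseAttributes(m[0]);
    const w = dimension(attrs, "width");
    const h = dimension(attrs, "height");
    const style = (attrs.style || "").toLowerCase();
    const reasons = [];
    if ((w !== null && w <= MAX_VISIBLE_PX) || (h !== null && h <= MAX_VISIBLE_PX)) reasons.push("tiny");
    if (/display\s*:\s*none|visibility\s*:\s*hidden/.test(style)) reasons.push("css-hidden");
    if (reasons.length) findings.push({ src: attrs.src || "(no src)", reasons });
  }
  return findings;
}

// Constructed sample page: one normal embed and two frames a user would never notice.
const SAMPLE_HTML = `
<iframe src="https://video.example/embed/1" width="560" height="315"></iframe>
<iframe src="https://tracker.example/check.html" width="1" height="1" frameborder="0"></iframe>
<iframe src='https://other.example/probe.html' style="width:0px; height:0px; visibility:hidden"></iframe>
`;
console.log(findHiddenIframes(SAMPLE_HTML));
```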
What can you do to protect yourself?
Use separate browsers. Use one for your regular surfing and business, and dedicate another browser to your banking. There are tons of choices out there: Opera, Firefox, Eudora, Flock, etc. The browsing history does not cross browsers, so the “attacker” would not be able to find your browsing history. This is the best and most solid solution.
If you are a dedicated Firefox user, you can add the SafeHistory Extension (https://addons.mozilla.org/en-US/fi…x/addon/1502), which will be helpful if you only want to use this browser.
There are no extensions like this for Internet Explorer because they don’t really care about security because they’re Microsoft and no one would ever exploit their browser.
To Read More… Visit http://www.merchantos.com/makebeta/tools/spyjax/ (Not my site. It’s just more information on the topic)
Hope this information is beneficial to you guys.










