Bugtraq mailing list archives

Re: cache cookies?


From: Wham Bang <wham_bang () YAHOO COM>
Date: Mon, 18 Dec 2000 13:40:16 -0800

Kee Hinckley [nazgul () SOMEWHERE COM] wrote:
> Yes, it's really not a cookie, and I wish they hadn't used that
> term.  It's primarily useful for seeing if a user has visited
> a particular site recently.

Actually, you can use this to create the equivalent of a cookie.
This is described in the paper.  This part *isn't* about finding
out whether or not you've visited some other site.  It's about
getting some piece of information stored on your computer even
though you've disabled cookies.

The idea is that you can write arbitrary files into a user's cache.
The presence or absence of a file constitutes a single bit of
information which can then be retrieved using the timing attacks
that we are discussing.  So to get you to store the eight bit value
"01001010" I just need to get you to cache the following bunch of
(one pixel, transparent) images:

http://my.site.com/track/01000000.gif
http://my.site.com/track/00001000.gif
http://my.site.com/track/00000010.gif

with the presence of each in the cache denoting an "on" bit.

The paper also addresses how to read the bit associated with a
particular file without overwriting it (i.e. causing the file
to be cached).  Essentially, this involves using the Referer
header to distinguish read or write access to the bit
and cache-control headers to allow read-only access.  Quite
clever really. I haven't done any testing to see how reliable
it is, but the authors got pretty good results.

BTW, as someone else pointed out, you can find the paper at
http://www.cs.princeton.edu/sip/pub/webtiming.pdf.

I hope this is helpful,


=====
Wham! <wham_bang () yahoo com>
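
A defender-side illustration of the encoding described in the message above, as an added example that is not part of the original post or the paper: it scans proxy log lines for fetches of one-hot, bit-named files and rebuilds the value they would store. The log format, the function name and the sample lines are constructed assumptions; the file-naming scheme follows the message's example URLs.

```python
import re
from collections import defaultdict

# Constructed sample proxy log lines: "<client> <url>" (format is an assumption).
SAMPLE_LOG = """\
10.0.0.5 http://my.site.com/track/01000000.gif
10.0.0.5 http://my.site.com/index.html
10.0.0.5 http://my.site.com/track/00001000.gif
10.0.0.5 http://my.site.com/track/00000010.gif
10.0.0.9 http://other.example/img/logo.gif
10.0.0.9 http://other.example/img/00000001.gif
"""

# A file name made only of 0s and 1s, as in the message's example URLs.
BIT_FILE = re.compile(r"^(https?://[^/\s]+/(?:[^/\s]+/)*)([01]{2,64})\.\w+$")

def find_cache_cookie_writes(log_text, min_bits=2):
    """Group one-hot bit-named fetches by (client, URL prefix) and rebuild
    the value they would store. Returns {(client, prefix): bitstring}."""
    groups = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # not a "<client> <url>" line
        client, url = parts
        m = BIT_FILE.match(url)
        if not m:
            continue
        prefix, bits = m.groups()
        if bits.count("1") == 1:  # one cached file per "on" bit
            groups[(client, prefix, len(bits))].add(bits)
    findings = {}
    for (client, prefix, width), names in groups.items():
        if len(names) < min_bits:
            continue  # a single such file is weak evidence on its own
        value = 0
        for name in names:
            value |= int(name, 2)  # OR the one-hot names back together
        findings[(client, prefix)] = format(value, "0{}b".format(width))
    return findings

if __name__ == "__main__":
    for (client, prefix), value in find_cache_cookie_writes(SAMPLE_LOG).items():
        print(client, prefix, "stores", value)
```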





