[thelist] Interesting new Browser history sniffing trick

Chris Hayes chris at lwcdial.net
Tue Aug 22 05:28:14 CDT 2006


----- Original Message ----- 
From: "Christian Heilmann" <codepo8 at gmail.com>

> Mine does, as I am using height and offsetHeight:
> http://icant.co.uk/sandbox/nickhistory.html
>
> The only browser that doesn't work is Opera.
>
> This is a security concern, however, not as bad as you might think it
> is, as it is trial and error to guess full urls and banking urls are
> unique to the session anyways. What it allows you a lot easier though
> is phishing, as you could pop up a window with a logo of the bank that
> is in your history to ask for your details. As newer browsers will
> display the real location in the popup this is harder to spoof,
> however you can still fake a popup with a layer ad.

Interesting too that I've never gone to www.cnn.com but it's the only link 
found.

"Looks like somebody's been using MY computer," said Daddy Bear.  :)






