Like all Web 2.0 sites, Facebook uses Ajax technology to provide increased functionality and a better user experience....
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
One method that Facebook uses to improve page load times involves concatenating, or joining character strings and link information, to the end of a URL. However, this means the URL for the profile you've just visited is still present in the new Facebook URL. If you copy and send this URL to someone else, they will be able to discern the previous step in your Facebook browsing history. As I said, this isn't a major security issue, but it does create an unnecessary, and potentially embarrassing, leak of personal information. For example, it could contain a link to a support or action group that you'd prefer to keep private.
You can avoid this particular problem simply by manually refreshing a Facebook page before you copy the URL from your address bar, as this removes any references to previous pages. I'm not sure how you could make the refresh an enforceable step in your acceptable usage policy, but I would certainly make your users aware of the issue.
The problem may well be something that you take into account when deciding to block social networks from your corporate network, but I think greater social network concerns are time wasting, data leakage, malware attacks and bullying.
You should, of course, be aware of the many other ways that Web browsing history is stored and accessible. First, there's the browser's address box, which presents previously typed addresses in a drop-down box. Ctrl+H brings up the browser's history panel that logs the date, time and Web address of every page visited. These features can be either handy or embarrassing, depending on who's watching over your shoulder. Thankfully, this data can be easily purged. With Internet Explorer, click on Tools, then Internet Options, then click the Delete Browsing History button. For Firefox users, click Tools then Options, select the Privacy tab and click the Clear Now button. Both browsers give you the option to clear your browsing history when closing them and delete all data that they may collect while you're browsing, such as cookies and saved form data. In IE 7 and 8, these actions now also delete the corresponding entries in the index.dat files, another store of browsing activities.
Note: If you're wondering how useful browser history data can be to an attacker, there's a website that can pretty accurately determine your gender just by analyzing your browser history. This site's just for fun, but the same data can just as easily be misused by an attacker.
Dig Deeper on Web Application and Web 2.0 Threats
Related Q&A from Michael Cobb
Open source NoSQL MongoDB database faced 30,000 insecure instances. Expert Michael Cobb explains the misconfiguration that led to this, and how to ...continue reading
A new Veracode report offers details on common mobile application security risks. Expert Michael Cobb explains these flaws, and what developers can ...continue reading
Juniper firewall products were found to have two backdoor vulnerabilities. Expert Michael Cobb explains how a cryptographic algorithm and hardcoded ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.