Hacking HTTP Status Codes
One website can learn if you’re logged into other websites.
When you visit my website, I can automatically and silently determine if you’re logged into Facebook, Twitter, Gmail and Digg. There are almost certainly thousands of other sites with this issue too, but I picked a few vulnerable, well-known ones to get your attention. You may not care that I can tell you’re logged into Gmail, but would you care if I could tell you’re logged into one or more porn or warez sites? Perhaps http://oppressive-regime.example.org/ would like to collect a list of their users who are logged into http://controversial-website.example.com/?
Otto • February 2, 2011 2:40 PM
For the record, yes, I am logged into many, many porn sites.
There. Now you know. 😉