sorry I cannot get what you are trying to say. Yes, in order to get the WebHistory you have to have the account credentials and yes, in order to root a system you have to have system access. What’s the difference?

the real danger is that if someone has your account details, they could potentially become your invisible stalker.

…but if they have your account details, they can log read/write your email as well.

This seems little different from “root on your system can install software that can monitor all your activies!” - yeah, password auth is crap - we know that…

please understand that in order for someone to access your WebHistory they need to have your username and password on first place. This means that they can simply enable the feature if it is disabled. As I mentioned before:

keep in mind that the purpose of this post is not to show how to own people but elaborate on what can be done after that. I mean, if the attacker has access to your account, they may as well turn the WebHistory ON if it is OFF. All attackers want from you is to get your secrets. Consider it like the situation where you have a physical/remote access to a machine and now you want to install a rootkit or keylogger.

Alright, it might be opt-out on the sign up page, but its not enabled for people who already had an account before they added the feature.

And it doesn’t really seem the kind of feature that people wouldn’t opt-out of.

not bad idea. now when I am thinking, you can use the WebHistory for pretty much everything, like a covert channel for a botnet… evil I know.

I think might be able to present another presentation in OWASP US, this year. The topic will include things like the one you mentioned.

for sure you can delete the WebHistory, but check this out: It is enabled by default! How about that? check this link or just preview the following screenshot :)

Google WebSearch is just one of the many services that offer feed export. Pretty much everything else has that option too and can be accessed through basic auth. I know that this is an obstacle. However, keep in mind that the purpose of this post is not to show how to own people but elaborate on what can be done after that. I mean, if the attacker has access to your account, they may as well turn the WebHistory ON if it is OFF. All attackers want from you is to get your secrets. Consider it like the situation where you have a physical/remote access to a machine and now you want to install a rootkit or keylogger.

as I mentioned on FD:

the point that I am try to make is that the attacker doesn’t need to have access to your computer anymore. The data is available online 24/7. It is a lot easier to access Google Feed then some computer behind some obscured and poorly configured NATed network.

Moreover, just to add here, attackers can access several people’s profiles easily. And no tracks are left behind.

stealing search engine queries is nothing particularly new, and i’ve always enjoyed http://aolstalker.com