As you can see from the above video, it is very easy for anyone to know when you are logged into Gmail, Twitter and Facebook without having to place any suspicious code on your PC. All it takes is for you to visit a website, which can then check whether or not you are logged in on these sites. Your information can be tracked whether or not it uses HTTPS and whether or not you visit the website.
This is basically very scary because this is a cross-platform hack and is done through an image which is hosted by these services. Though I do know how this is done, I don’t have any solutions to negate this problem right now, but I am really trying to figure one out. Till then there is nothing you can do about it. Fun, right?
I have reached out to Gmail, Facebook and Twitter about this and am awaiting a response. Will update this post once I get one. Till then, you are not safe on the internet.
The hack basically uses the HTTP status code to find out whether or not you are logged into these services. Since these images are hosted on Gmail, Twitter and Facebook, a user basically has to log in to view them, so it becomes easy to figure out whether you are logged in or not. If you are curious to see this in action, visit this page.
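The status-code difference described above, modelled from the service's side as an added example that is not part of the original post: a constructed handler that leaks login state next to one that answers cross-site image requests uniformly. The handler names and the request shape are hypothetical; `Sec-Fetch-Site` is the browser-set Fetch Metadata request header.

```javascript
// Constructed model of a service endpoint that serves an image only to
// signed-in users. All function names and the request shape are hypothetical.

// Leaky version: the response depends on the session for every caller.
function leakyHandler(req) {
  return req.hasSession
    ? { status: 200, type: "image/png" }
    : { status: 302, type: "text/html" }; // redirect to the login page
}

// Hardened version: a request triggered by another site gets one fixed
// answer whatever the session state. Sec-Fetch-Site is set by the browser
// and cannot be changed by page script. Treating a missing header as
// cross-site is a strict choice made for this example.
function hardenedHandler(req) {
  const site = req.headers["sec-fetch-site"];
  const trusted = site === "same-origin" || site === "same-site" || site === "none";
  if (!trusted) return { status: 404, type: "text/plain" };
  return leakyHandler(req);
}

// What an embedding page can observe from an <img> element: only whether
// the image loaded ("load") or failed ("error").
function imgOutcome(res) {
  return res.status === 200 && res.type.startsWith("image/") ? "load" : "error";
}

// True when the observable outcome differs between signed-in and signed-out
// users, which is exactly the signal the post describes.
function leaksLoginState(handler, headers) {
  const signedIn = imgOutcome(handler({ hasSession: true, headers }));
  const signedOut = imgOutcome(handler({ hasSession: false, headers }));
  return signedIn !== signedOut;
}

// Constructed request headers: an image embedded by a third-party page,
// and the same image requested by the service's own page.
const crossSite = { "sec-fetch-site": "cross-site", "sec-fetch-dest": "image" };
const sameOrigin = { "sec-fetch-site": "same-origin", "sec-fetch-dest": "image" };

console.log("leaky, cross-site:", leaksLoginState(leakyHandler, crossSite));
console.log("hardened, cross-site:", leaksLoginState(hardenedHandler, crossSite));
console.log("hardened, same-origin:", leaksLoginState(hardenedHandler, sameOrigin));
```

Session cookies marked `SameSite=Lax` or `SameSite=Strict` close the same gap from the cookie side, because the browser does not attach them to cross-site image requests.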
For more information, check out Hack A Day on how HTTP Status codes can be abused.
(Video and most of the reporting done by Amit Banerjee)