We have discovered the side-channel vulnerability fundamental to Web Applications, which is reported in our paper to appear in the IEEE Symposium on Security and Privacy 2010, and receives strong media coverage.  Here are our demos.

1. Side-Channel Leaks of Google Search through Encrypted Wi-Fi

A high-resolution version of the video can be viewed here by switching the player from 360p to 480p.

In this video, we first typed a Google query "sniff" on a laptop, which was connected to a WPA2 Wi-Fi network. Then we ran out of the door and found a stranger's laptop, which had no credential to connect to the WPA2 network. The only thing the stranger's laptop could do was to capture raw packets. However, by running an analysis program, it recovered our query "sniff".

2. The attack against a famous health application

A high-resolution version of the video can be viewed here by switching the player from 360p to 480p.

In this video, we logged into the application, which is an HTTPS service. We entered "pancreatic cancer" using the keyboard, and the medication named "T-Tanna DM, By mouth" using mouse-clicks. We also searched for doctors with "Psychiatry" specialty. Another machine which ran an Ethernet sniffer could infer all the information.