If by 'brute force' you mean 'iterate through all legal usernames', I hadn't even thought of that!
I would expect someone instead to pick the leaderboard, or some other extant set of names (e.g.: Google [site:news.ycombinator.com inurl:user]), and just iterate over those.
(Sad aside: try that query at Google or Yahoo, and review the top 100 results. An awful lot of the usernames ranking highest are drug names.)
Yeah, I meant brute force over all registered usernames. I wrote a page that used the vulnerability you mentioned to check to see if a user has visited any of the top 100,000 websites: http://tlrobinson.net/misc/history.html (it seems to be broken now though) and it can churn through 100,000 tests in a few seconds.