Re: [css-shaders] security - timing attacks from Gregg Tavares (wrk) on 2011-10-20 (www-style@w3.org from October 2011)

From: Gregg Tavares (wrk) <gman@google.com>
Date: Thu, 20 Oct 2011 16:58:21 -0700
To: Dean Jackson <dino@apple.com>
Cc: "Tab Atkins Jr." <jackalmage@gmail.com>, Chris Marrin <cmarrin@apple.com>, www-style list <www-style@w3.org>
Message-ID: <CAKZ+BNoDW=exsqgodfxcftQ_BCzyrr9P_mP80M4ujRgiGFU+wA@mail.gmail.com>

On Thu, Oct 20, 2011 at 4:06 PM, Dean Jackson <dino@apple.com> wrote:

>
> On 20/10/2011, at 2:31 PM, Tab Atkins Jr. wrote:
>
> > This scenario really depends on a pixel shader having
> > access to the pixels of cross-domain iframes, though.  If we just
> > blanked the element's rectangle before giving it to the shader, that
> > attack would be defeated.  The remaining leakage is probably small
> > enough to not worry about, you're right.
>
> I think that's the key here. A CSS shader (or even any CSS filter really)
> should not get any cross-domain iframe content as input.
>

Even without that you can spy on a user's link history by checking his
"visited" colors using this method.


>
> Dean
>
>

Received on Thursday, 20 October 2011 23:58:56 UTC