Browser Fingerprinting using HSTS and CSP

I think this is worth sharing here.

Sniffly (presented at ToorCon 2015 by Yan Zhu/MIT) abuses HSTS and CSP to
steal browser history.

Sniffly:
     https://github.com/diracdeltas/sniffly

Presentation:
     https://zyan.scripts.mit.edu/presentations/toorcon2015.pdf

Demo (tries to show sites you visited):
     http://zyan.scripts.mit.edu/sniffly/

Keiji

Received on Wednesday, 2 December 2015 16:04:02 UTC