Re: Secure Chrome

Chris Drake wrote:
> Hi Amir,
>
> Either you didn't look at googles demo, or you just got tricked by
> that spoof web site?
> http://guardpuppy.com/BrowserChromeIsDead.gif
>
> There is no browser window or popup of any kind shown in the above
> picture.  It's a <DIV>.  It could just as easily be an <IMG> with a
> <form> overlaying it via CSS.
>   
Chris, this was very clear to me - in fact, the foils I've presented at 
the NYC meeting include this attack...

OTOH, you may be right, there may already be enough tricks to do 
persistent user identification, and that may be a good technique. Can 
you provide a bit more detail or reference to what may be good 
persistent identifiers?

Best, Amir Herzberg

Received on Tuesday, 13 June 2006 05:27:27 UTC