- From: Eduardo Vela <sirdarckcat@gmail.com>
- Date: Wed, 9 Dec 2009 17:45:50 +0800
- To: public-web-security@w3.org
- Message-ID: <8ba534860912090145q2e365b95je079513d3c1950d@mail.gmail.com>
Hi!

Well.. apparently the CSS attribute reader attack received attention on this list, so I want to point out some other attacks that were disclosed last year regarding CSS attacks.

We presented this ppt at Microsoft Bluehat (CSS The Sexy Assassin): http://tinyurl.com/cssattacks

Anyway, I think we can't do much about it.. but since the presentation was closed (e.g. only people with an invitation from Microsoft could attend), the details aren't very well explained out there.. so this may help as a pointer if anyone is interested in any other attacks possible by only using CSS.

Mostly, the cooler attacks are:

- Navigation monitor: meaning that I can know what page you are visiting and the exact second you clicked a new link.
- History crawler: like the known :visited hack, but with the power of crawling the pages you visited in order to get a complete history.
- LAN scanner + CSRF attack: the same, using the visited selector, you can detect which IP addresses are alive and with an HTTP server running and launch CSRF attacks against them.

Check the PPT for cool graphs :)

Links with moar info:

http://www.thespanner.co.uk/2008/10/20/bluehat/
http://sirdarckcat.blogspot.com/2008/10/about-css-attacks.html
http://p42.us/css/
http://eaea.sirdarckcat.net/cssar/v2/
http://sla.ckers.org/forum/read.php?13,25016
http://sla.ckers.org/forum/read.php?4,29358
http://securethoughts.com/2009/07/hacking-csrf-tokens-using-css-history-hack/

Greetings!!

-- Eduardo
http://www.sirdarckcat.net/
Sent from Hangzhou, 33, China
Received on Wednesday, 9 December 2009 09:46:43 UTC