
[whatwg] Domain transfer security

From: Simon Brown <mail@simonandrewbrown.co.uk>
Date: Tue, 12 Jun 2012 20:31:45 +0100
Message-ID: <4FD79921.70306@simonandrewbrown.co.uk>
To: whatwg@whatwg.org

I have thought of a possible security problem that may be reduced with a
change to the specifications (though I'm not sure exactly how).

1. An attacker has control of a popular site.
2. The attacker buys a valuable domain.
3. The attacker creates a page on the site that sends all
cookies/localstorage/etc. to their site.
4. The attacker enables caching the page with appcache.
5. The attacker embeds the page in a small iframe on the popular site,
so that anyone visiting the popular site has the page cached.
6. The attacker sells the domain on.
7. The popular site continues to receive traffic, and people who
regularly visit both sites have their session/data/etc. on the new site
compromised.

I guess one possible solution would be to allow SSL sites to specify
through a header that only appcaches from certain public keys are to be
carried over, though this seems quite complicated and wouldn't work for
the majority of websites.

Received on Tuesday, 12 June 2012 19:32:20 UTC
