[whatwg] Domain transfer security

I have thought of a possible security problem that may be reduced with a
change to the specifications (though I'm not sure exactly how).

1. An attacker has control of a popular site.
2. The attacker buys a valuable domain.
3. The attacker creates a page on the site that sends all
cookies/localstorage/etc. to their site.
4. The attacker enables caching the page with appcache.
5. The attacker embeds the page in a small iframe on the popular site,
so that anyone visiting the popular site has the page cached.
6. The attacker sells the domain on.
7. The popular site continues to receive traffic, and people who
regularly visit both sites have their session/data/etc. on the new site
compromised.

I guess one possible solution would be to allow SSL sites to specify
through a header that only appcaches from certain public keys are to be
carried over, though this seems quite complicated and wouldn't work for
the majority of websites.

Received on Tuesday, 12 June 2012 19:32:20 UTC
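As an added defender-side example (not part of the original message), a small script that scans constructed access-log lines for application cache manifest fetches. A browser holding an appcache re-requests its manifest on each visit, and the HTML spec makes it discard the cache when the manifest URL answers 404 or 410, so the new owner of a transferred domain can inventory the manifest paths still being polled and retire them. The log format, the paths and the `.appcache`/`.manifest` naming convention are assumptions.

```python
import re
from collections import Counter

# Constructed combined-format access log lines (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [13/Jun/2012:10:01:02 +0000] "GET /cache.appcache HTTP/1.1" 200 312 "-" "Mozilla/5.0"
203.0.113.5 - - [13/Jun/2012:10:01:03 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [13/Jun/2012:10:02:10 +0000] "GET /cache.appcache HTTP/1.1" 304 0 "-" "Mozilla/5.0"
198.51.100.9 - - [13/Jun/2012:10:03:44 +0000] "GET /old/frame.manifest HTTP/1.1" 404 162 "-" "Mozilla/5.0"
192.0.2.33 - - [13/Jun/2012:10:04:00 +0000] "GET /css/site.css HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# Assumed naming conventions for manifest URLs; adjust to the site's own.
MANIFEST_SUFFIXES = (".appcache", ".manifest")


def manifest_requests(log_text):
    """Return {path: (hits, still_served)} for requests that look like manifest fetches.

    still_served is True when any response was 2xx or 304, i.e. the manifest is
    still being handed out and the cached pages stay valid in visitors' browsers.
    """
    hits = Counter()
    served = {}
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m.group("method") != "GET":
            continue
        path = m.group("path").split("?", 1)[0]  # drop any query string
        if not path.endswith(MANIFEST_SUFFIXES):
            continue
        status = int(m.group("status"))
        hits[path] += 1
        served[path] = served.get(path, False) or (200 <= status < 300 or status == 304)
    return {p: (hits[p], served[p]) for p in hits}


def manifests_to_retire(log_text):
    """Manifest paths that still answer 2xx/304; serving 404 or 410 on them
    makes browsers delete the associated application cache."""
    return sorted(p for p, (_, s) in manifest_requests(log_text).items() if s)


if __name__ == "__main__":
    for path in manifests_to_retire(SAMPLE_LOG):
        print("still polled, retire with 404/410:", path)
```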