
Plugging the CSS History Leak at Mozilla Security Blog - 0 views

  • History Sniffing
  • Links can look different on web sites based on whether or not you’ve visited the page they reference.
  • The problem is that appearance can be detected by the page showing you links, cluing the page into which of the presented pages you’ve been to. The result: not only can you see where you’ve been, but so can the web site!
  • The most obvious fix is to disable different styles for visited versus unvisited links, but this would be employed at the expense of utility: while sites can no longer figure out which links you’ve clicked, neither can you.
  • David Baron has implemented a way to help keep users’ data private while minimizing the effect on the web, and we are deploying it to protect our users.
  • The biggest threats here are the high-bandwidth techniques, or those that extract lots of information from users’ browsers quickly.
  • The JavaScript function getComputedStyle() and its related functions are fast and can be used to guess visitedness at hundreds of thousands of links per minute.
  • we’re approaching the way we style links in three fairly subtle ways:
  • Change 1: Layout-Based Attacks
  • First of all, we’re limiting what types of styling can be done to visited links to differentiate them from unvisited links.
  • can only be different in color
  • the CSS 2.1 specification takes into consideration how visited links can be abused:
  • implement other measures to preserve the user’s privacy while rendering visited and unvisited links differently
  • Change 2: Some Timing Attacks
  • we are changing some of the guts of our layout engine to provide a fairly uniform flow of execution to minimize differences in layout time for visited and unvisited links.
  • when the link is styled, the appropriate set of styles is chosen making the code paths for visited and unvisited links essentially the same length.
  • Change 3: Computed Style Attacks
  • JavaScript is not going to have access to the same style data it used to.
  • Firefox will give it unvisited style values.
  • it’s the right trade-off to be sure we protect our users’ privacy.
  • fixing CSS history sniffing will not block all of these leaks. But we believe it’s important to stop the scariest, most effective history attacks any way we can since it will be a big win for users’ privacy.

How I would Hack your PC, Mac with USB HID - 1 views

  • We live in the world full of serpents, overlook things for seconds and you are bitten to death. Trojans, viruses, malware are everywhere. They find new

HITECH Act Enforcement Interim Final Rule - 0 views

  • HITECH HIPAA

Open CRS - CRS Reports for the People - 2 views

  • The Health Information Technology for Economic and Clinical Health (HITECH) Act

Amazon.com: A New Host-Based Hybrid IDS Architecture - A Mind Of Its Own: The Know-how ... - 0 views

  • Amazon.com: A New Host-Based Hybrid IDS Architecture - A Mind Of Its Own: The Know-how Of Host-Based Hybrid Intrusion Detection System Architecture Using Machine Learning Algorithms With Feature Selection (9783639172881): Murat Topallar: Books

IT Management Conference & Expo in NYC Oct.14-16 - 0 views

  • http://www.manageit.me ---The greatest minds in IT in 50+ presentations : top industry-leaders: Creator of MySQL Michael "Monty" Widenius, Internet Celebrity Gary Vaynerchuk, Co-Creator of PHP & Zend CTO Zeev Suraski, Richard Sheridan, CEO of Menlo Innovations & Pioneer of Agile eXtreme Programmi...