¿Qué está mal?

Aviso: Antes de informar sobre un error con la descarga, por favor, prueba el enlace directo: Attacks Exploiting the HTML5 Screen Sharing API

Cargando...

Debes iniciar sesión para hacer esto.

Attacks Exploiting the HTML5 Screen Sharing API

Attacks Exploiting the HTML5 Screen Sharing API

Attacks Exploiting the HTML5 Screen Sharing API

Puntuación: ---- | 0 votos
| Enviando voto
| ¡Votado!
|

Detalles del libro:

pos
Global
pos
Categoría
Año:2014
Editor:Carnegie Mellon University
Páginas:15 páginas
Idioma:inglés
Desde:26/06/2014
Tamaño:1.39 MB
Licencia:Pendiente de revisión

Contenido:

HTML5 changes many aspects in the browser world by introducing numerous new concepts; in particular, the new HTML5 screen sharing API impacts the security implications of browsers tremendously. One of the core assumptions on which browser security is built is that there is no cross-origin feedback loop from the client to the server. However, the screen sharing API allows creating a cross-origin feedback loop.

Consequently, websites will potentially be able to see all visible content from the user’s screen, irrespective of its origin. This cross-origin feedback loop, when combined with human vision limitations, can

introduce new vulnerabilities. An attacker can capture sensitive information from victim’s screen using the new API without the consensus of the victim. We investigate the security implications of the screen sharing API and discuss how existing defenses against traditional web attacks fail during screen sharing. We show that several attacks are possible with the help of the screen sharing API: cross-site request forgery, history sniffing, and information stealing. We discuss how popular websites such as Amazon and Wells Fargo can be attacked using this API and demonstrate the consequences of the attacks such as economic losses, compromised account and information disclosure. The objective of this paper is to present the attacks using the screen sharing API, analyze the fundamental cause and motivate potential defenses to design a more secure screen sharing API.

Categorías:

Etiquetas:

Cargando comentarios...

Escaneando listas...

El libro en números

Posición global

posición en categorías

en catálogo desde

26/06/2014

puntuación

Nothing yet...

votos

Nothing yet...

'LIKES' sociales

Nothing yet...

Visitas

Descargas

Esto puede tardar un momento

Interés

Segmentación por países

Esto puede tardar un momento

Páginas de entrada

Segmentación por sitios web

evolución

Esto puede tardar un momento

Cargando...