Scary Beasts Security

AUGUST 30, 2008

Browsers suck. We're building our fortified web apps on foundations of sand. A little while back, I was talking with Jeremiah about an interesting attack he had to determine whether a user is logged into a given site or not. The attack relies on the target site hosting an image at a known URL for authenticated users only. It proceeds by abusing a generic browser cross-domain leak of whether an image exists or not -- via the onload vs. onerror javascript events.

Authentication 50

Authentication 50

Scary Beasts Security

AUGUST 29, 2008

This post is a tribute to the hundreds of bugs that never quite were serious, and the emotional roller coaster ride on which they take researchers. Some brief background. The skill in finding serious bugs these days isn't in being a demon code auditor or a furious fuzzer; there are thousands of these. The skill lies instead in finding a piece of software, or a piece of functionality, that has the curious mix of being important yet not having seen much scrutiny.

Software 50

Software 50

Scary Beasts Security

AUGUST 25, 2008

As browsers gain more and more features, the possibility increases for interesting or dangerous interactions between these features. I was recently playing with a couple of new browser features -- and SVGs -- and found a cross-domain leak in the development version of Webkit: [link] Fortunately, no production versions of the major browsers are affected - and forearmed with this information, they can keep it that way.

50

50