Saturday, August 3, 2013

Stealing data through JavaScript and Timing attacks

At the Black Hat security conference in Las Vegas, researcher Paul Stone demonstrated how cybercriminals could gain access to an Internet user's information by leveraging various security issues. According to ThreatPost, Stone has come up with a new technique that allows hackers to gain access to the source code of web pages that users are logged into by exploiting browser and JavaScript flaws. By using Scalable Vector Graphics filters, the expert has been able to determine which pixels are white and which are black in a browser window. By utilizing JavaScript, he could reconstruct the content of an iframe and gain access to a page's source code. The researcher warns that this code could contain sensitive data. In a demonstration made at Black Hat, Stone showed that the source code of a Google+ page contained a phone number, a Google ID and other information that might be valuable to an attacker. <more>

No comments: