Your SlideShare is downloading. ×
0
Breaking Browsers: Hacking Auto-Complete (BlackHat USA 2010)
Breaking Browsers: Hacking Auto-Complete (BlackHat USA 2010)
Breaking Browsers: Hacking Auto-Complete (BlackHat USA 2010)
Breaking Browsers: Hacking Auto-Complete (BlackHat USA 2010)
Breaking Browsers: Hacking Auto-Complete (BlackHat USA 2010)
Breaking Browsers: Hacking Auto-Complete (BlackHat USA 2010)
Breaking Browsers: Hacking Auto-Complete (BlackHat USA 2010)
Breaking Browsers: Hacking Auto-Complete (BlackHat USA 2010)
Breaking Browsers: Hacking Auto-Complete (BlackHat USA 2010)
Breaking Browsers: Hacking Auto-Complete (BlackHat USA 2010)
Breaking Browsers: Hacking Auto-Complete (BlackHat USA 2010)
Breaking Browsers: Hacking Auto-Complete (BlackHat USA 2010)
Breaking Browsers: Hacking Auto-Complete (BlackHat USA 2010)
Breaking Browsers: Hacking Auto-Complete (BlackHat USA 2010)
Breaking Browsers: Hacking Auto-Complete (BlackHat USA 2010)
Breaking Browsers: Hacking Auto-Complete (BlackHat USA 2010)
Breaking Browsers: Hacking Auto-Complete (BlackHat USA 2010)
Breaking Browsers: Hacking Auto-Complete (BlackHat USA 2010)
Breaking Browsers: Hacking Auto-Complete (BlackHat USA 2010)
Breaking Browsers: Hacking Auto-Complete (BlackHat USA 2010)
Breaking Browsers: Hacking Auto-Complete (BlackHat USA 2010)
Breaking Browsers: Hacking Auto-Complete (BlackHat USA 2010)
Breaking Browsers: Hacking Auto-Complete (BlackHat USA 2010)
Breaking Browsers: Hacking Auto-Complete (BlackHat USA 2010)
Breaking Browsers: Hacking Auto-Complete (BlackHat USA 2010)
Breaking Browsers: Hacking Auto-Complete (BlackHat USA 2010)
Breaking Browsers: Hacking Auto-Complete (BlackHat USA 2010)
Breaking Browsers: Hacking Auto-Complete (BlackHat USA 2010)
Breaking Browsers: Hacking Auto-Complete (BlackHat USA 2010)
Breaking Browsers: Hacking Auto-Complete (BlackHat USA 2010)
Breaking Browsers: Hacking Auto-Complete (BlackHat USA 2010)
Breaking Browsers: Hacking Auto-Complete (BlackHat USA 2010)
Upcoming SlideShare
Loading in...5
×

Breaking Browsers: Hacking Auto-Complete (BlackHat USA 2010)

15,820

Published on

Did you know a malicious website, laced with javascript malware, can steal passwords for other websites stored in Firefox’s password manager using nothing but garden variety Cross-Site Scripting? How about javascript’s ability to mine out HTML form auto-complete data in Internet Explorer 6 and 7 (about one-third of the Web), which could be used to reveal a users first name, last name, aliases, email addresses, physical address, etc? What about forcing Web browsers to evict all of their cookies—thereby automatically logging users out of all their current sessions, delete tracking cookies, and so on?

Technically speaking, all of these Web hacking techniques and others are publicly documented, only just not very well-known or advertised. For whatever reason they've been ignored by the browser vendors and Web security researchers. Time to bring them up to the surface.

Published in: Technology
0 Comments
9 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
15,820
On Slideshare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
355
Comments
0
Likes
9
Embeds 0
No embeds

No notes for slide
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×