Evan Martin (evan) wrote in evan_tech,

mime sniffing

One of the many fortuitous events that made Chrome what it is was getting a bunch of rock star interns. Adam has written a bunch of papers on browser security and has a new paper up on XSSes related to mime sniffing: Secure Content Sniffing for Web Browsers or How to Stop Papers from Reviewing Themselves. The subtitle refers to the fact that the paper submission site that this paper was submitted to was itself vulnerable to one of these attacks.

Due to their orthogonality to "traditional" XSS, these sorts of attacks still affect sites that are otherwise pretty good in terms of input handling. I recall, when I first read about these attacks, I was able to make a proof-of-concept XSS against LiveJournal. When I showed the attack to brad, it amusingly turned out that he had already written code to defend against the problem but hadn't yet flipped the switch, so he fixed it within a few minutes. But as the paper illustrates, many other sites (like Wikipedia*) are vulnerable.

* Update: having read more now, I see Wikipedia uses the same defense LJ does; it's just the default configuration of MediaWiki that is vulnerable.
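As an added illustration of the kind of server-side defense the post alludes to (this is example code, not the post's own nor LiveJournal's or MediaWiki's actual implementation), here is an upload filter that assumes a hypothetical endpoint accepting only PNG/JPEG/GIF: it rejects files whose magic bytes do not match the declared type or that carry HTML markers a sniffing browser might execute, and serves accepted files with a nosniff header.

```python
# Added example (not from the post, LiveJournal or MediaWiki): defending an
# image-upload endpoint against content-sniffing XSS. Assumes the endpoint
# accepts only PNG/JPEG/GIF and that we control the response headers.
import re

# Magic bytes for the image types the hypothetical endpoint accepts.
IMAGE_MAGIC = {
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/gif": (b"GIF87a", b"GIF89a"),
}

# Markers that make a content sniffer decide "this is really HTML". This list
# is a constructed, conservative illustration, not any browser's exact table;
# it deliberately uses multi-character tags to avoid false positives on
# random binary data. The whole file is scanned because sniffers' lookahead
# windows differ between implementations.
HTML_MARKERS = re.compile(
    rb"<\s*(!doctype\s+html|html|script|body|head|iframe|meta|title|object|embed|svg)",
    re.IGNORECASE,
)


def has_valid_magic(data: bytes, declared_type: str) -> bool:
    """True if the file starts with the signature of its declared type."""
    return any(data.startswith(m) for m in IMAGE_MAGIC.get(declared_type, ()))


def looks_like_html(data: bytes) -> bool:
    """True if the bytes contain a marker a sniffing browser could act on."""
    return HTML_MARKERS.search(data) is not None


def check_upload(data: bytes, declared_type: str) -> tuple:
    """Return (accepted, reason) for an uploaded file."""
    if not has_valid_magic(data, declared_type):
        return False, "magic bytes do not match declared type"
    if looks_like_html(data):
        return False, "contains HTML markers a sniffing browser could execute"
    return True, "ok"


def response_headers(declared_type: str) -> dict:
    """Headers for serving an accepted upload: nosniff tells the browser to
    trust Content-Type rather than guess from the body."""
    return {"Content-Type": declared_type, "X-Content-Type-Options": "nosniff"}
```

Both checks matter: the magic-byte check alone lets a valid PNG header be followed by HTML, and the marker scan alone lets a file with no image signature through; nosniff covers browsers that honour it even if a future marker slips past the filter.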
Tags: chromium, go read, hacking