Evan Martin (evan) wrote in evan_tech,

mime sniffing

One of the many fortuitous events that made Chrome what it is was getting a bunch of rock star interns. Adam has written a bunch of papers on browser security and has a new paper up on XSSes related to mime sniffing: Secure Content Sniffing for Web Browsers or How to Stop Papers from Reviewing Themselves. The subtitle refers to the fact that the paper submission site that this paper was submitted to was itself vulnerable to one of these attacks.

Because they are orthogonal to "traditional" XSS, these sorts of attacks still affect sites that are otherwise pretty good in terms of input handling. I recall, when I first read about these attacks, I was able to make a proof-of-concept XSS against LiveJournal. When I showed the attack to brad, it amusingly turned out that he had already written code to defend against the problem but hadn't yet flipped the switch, so he fixed it within a few minutes. But as the paper illustrates, many other sites (like Wikipedia*) are vulnerable.

* Update: having read more now, I see Wikipedia uses the same defense LJ does; it's just the default configuration of MediaWiki that is vulnerable.
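The defense the post alludes to (brad's LJ code, and whatever Wikipedia runs) is not shown, so here is an added example of the two layers a site serving user uploads usually needs against content-sniffing XSS. It is not code from the post, from LiveJournal or from the paper: the image allowlist, the HTML-marker list, the 1024-byte sniff window and the `validate_upload`/`download_headers` names are all assumptions of this example. The `X-Content-Type-Options: nosniff` response header is a real browser mechanism, but the post does not mention it.

```python
"""Added example (not from the post): defending a file-upload feature
against content-sniffing XSS.

The problem the post describes: a browser may ignore the declared
Content-Type and "sniff" the body, so an uploaded "image" whose bytes
look like HTML can be rendered as HTML in the hosting site's origin.
Two defenses, both assumptions of this example rather than the post's:
 1. at upload time, require the declared type's magic bytes and reject
    bodies whose sniffable prefix contains HTML markers;
 2. at serve time, send headers that disable sniffing and force download.
"""
import re
from typing import Dict, Tuple

# Assumed allowlist of accepted image types and their magic-byte prefixes.
MAGIC = {
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/gif": (b"GIF87a", b"GIF89a"),
    "image/jpeg": (b"\xff\xd8\xff",),
}

# Tag names that sniffing algorithms treat as evidence of HTML (assumed list,
# checked case-insensitively). False positives on binary data are acceptable:
# rejecting an odd image is cheaper than serving script from our origin.
HTML_MARKERS = re.compile(
    rb"<\s*/?\s*(?:html|script|body|head|iframe|object|embed|title|meta|div|style|svg|img|table|pre|plaintext)\b"
    rb"|<!doctype",
    re.IGNORECASE,
)
SNIFF_WINDOW = 1024  # assumed; sniffers inspect only a prefix of the body


def matches_magic(declared_type: str, data: bytes) -> bool:
    """True if the body starts with a magic prefix registered for declared_type."""
    return any(data.startswith(p) for p in MAGIC.get(declared_type, ()))


def looks_like_html(data: bytes) -> bool:
    """True if the sniffable prefix contains an HTML marker a browser might key on."""
    return HTML_MARKERS.search(data[:SNIFF_WINDOW]) is not None


def validate_upload(declared_type: str, data: bytes) -> Tuple[bool, str]:
    """Accept only bodies that are genuinely the declared image type and
    contain nothing a sniffer could mistake for HTML. Returns (accepted, reason)."""
    if not matches_magic(declared_type, data):
        return False, "magic bytes do not match declared type"
    if looks_like_html(data):
        return False, "HTML markers present in sniffable prefix"
    return True, "ok"


def download_headers(declared_type: str, filename: str) -> Dict[str, str]:
    """Response headers for serving a stored upload: tell the browser not to
    sniff, and present the file as a download rather than an inline document.
    The filename is reduced to a safe character set before going into the header."""
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", filename)
    return {
        "Content-Type": declared_type,
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": f'attachment; filename="{safe_name}"',
    }


# Constructed sample inputs: a minimal PNG-looking body, and a GIF header
# followed by HTML text (the shape of body the post's attacks rely on).
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
CHAMELEON_SAMPLE = b"GIF89a<html><body>hello</body></html>"

if __name__ == "__main__":
    print(validate_upload("image/png", PNG_SAMPLE))        # (True, 'ok')
    print(validate_upload("image/gif", CHAMELEON_SAMPLE))  # rejected: HTML markers
    print(download_headers("image/png", "my photo.png"))
```

The upload-time check alone is not enough, since sniffing rules vary between browsers and versions; the `nosniff` header and the `attachment` disposition are what keep a stored file from being rendered in the site's origin even when the content check misses something.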
Tags: chromium, go read, hacking
