http://33bits.org/2010/06/01/yet-another-identity-stealing-bug-will-creeping-normalcy-be-the-result/ The End of Anonymized Data and What to Do About It Thu, 26 Apr 2012 19:07:05 +0000 hourly 1 http://wordpress.com/ http://33bits.org/2010/06/01/yet-another-identity-stealing-bug-will-creeping-normalcy-be-the-result/#comment-1670 Tue, 28 Sep 2010 15:22:24 +0000 http://33bits.org/?p=490#comment-1670 [...] of leaking your identity to other parties. In my ubercookies series, I documented a series of bugs that can be exploited by an arbitrary website to learn the visitor’s identity. All of these [...]

]]> http://33bits.org/2010/06/01/yet-another-identity-stealing-bug-will-creeping-normalcy-be-the-result/#comment-1465 Sun, 06 Jun 2010 19:14:07 +0000 http://33bits.org/?p=490#comment-1465 [...] I won’t discuss to much this figure as it is already done in this paper.  For me the two important  point regarding  the evolution of web security showed by this figure is that nowadays web security is even more difficult than before. Back in 2005, web security was only about testing few vectors of attacks, mainly XSS and SQL injection. In 2010, the situation is way more complex, as the number of attack vectors exploded. For instance how many of you heard of the new attack released in May named  “Cross Site URL Hijacking“  ? In a nutshell this attack allows an attacker to know the URL parameters of a different origin by abusing the Firefox error object. While this attack might seems innocuous, it has serious privacy implications. [...]

]]>