November 2011
Intermediate to advanced
320 pages
10h 18m
English
The trouble with accessing sensitive protocols is merely a prelude to a far more serious issue that somehow escaped the creators of the same-origin policy. The problem is that DNS-derived origins may have nothing to do with actual network-level boundaries—or with how these boundaries change over time. A malicious script may be granted same-origin access to intranet sites on the victim’s local network, even if a firewall prevents the attacker from interacting with these destinations directly.
There are at least three distinctive venues for such attacks.
When a user visits a rogue network—such as an open wireless network at an airport or in a café—an attacker on that network may trick the victim’s browser ...
Read now
Unlock full access