homepage Welcome to WebmasterWorld Guest from 54.196.120.58
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Code, Content, and Presentation / CSS
Forum Library, Charter, Moderators: not2easy

CSS Forum

    
CSS Shaders, a possible malware exploit?
tangor




msg:4398048
 12:33 am on Dec 15, 2011 (gmt 0)

Software developers at Google, Apple, Adobe, and elsewhere are grappling with the security risks posed by an emerging graphics technology, which in its current form could expose millions of web users' sensitive data to attackers.

The technology, known as CSS shaders is designed to render a variety of distortion effects, such as wobbles, curling, and folding. It works by providing programming interfaces web developers can call to invoke powerful functions from an end user's graphics card. But it could also be exploited by malicious website operators to steal web-browsing history, Facebook identities, and other private information from unsuspecting users, Adam Barth, a security researcher on Google's Chrome browser warned recently.

"Because web sites are allowed to display content that they are not allowed to read, an attacker can use a Forshaw-style CSS shader [to] read confidential information via the timing channel," Barth wrote in a December 3 post to his private blog. "For example, a web site could use CSS shaders to extract your identity from an embedded Facebook Like button. More subtly, a web site could extract your browsing history bypassing David Baron's defense against history sniffing.

[theregister.co.uk...]

 

alt131




msg:4399059
 9:21 pm on Dec 17, 2011 (gmt 0)

Hi Tangor, welcome into css :)

Will be interesting to see how this develops.

Just seems to give credibility to the arguments against allowing css to develop scripting/programming capabilities though.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / CSS
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved