Tag Archives: exploit

Wavethrough – Stealing data from remote sites through (fake) wav files

Jake Archibald discovered a really nice browser bug (which is fixed by now) by which he was able to steal data from remote sites by loading it in as a (fake) wav file. The exploit works as follows: Make a … Continue reading

Elsewhere , , , , , Leave a comment

Side-channel attacking browsers through CSS3 features

Ruslan Habalov and Dario Weißer found a way to read contents from an iframe, using CSS3: Accessing the DOM of an iframe that includes a cross-origin resource is forbidden by default. However, the content of the iframe was displayed in … Continue reading

Elsewhere , , , , 1 Comment

Stealing your browser history with the W3C Ambient Light Sensor API

A few years ago window.getComputedStyle and the like where adjusted to return the default color of links, instead of the actual color on screen. Security and privacy were the driving factors behind that decision: by styling :visited links with a … Continue reading

Elsewhere , , , , , 2 Comments

WordPress < 3.6.1 PHP Object Injection

WordPress 3.6.1 contains a PHP Object Injection Vulnerability Fix, detected by one of my former students. He also made an extensive writeup about it: Let’s recap: maybe_serialized(‘i:1;<funkycharacterhere>’) is inserted to the database. As WordPress does not see this as a … Continue reading

Elsewhere , , , Leave a comment

Major Samsung Galaxy TouchWiz exploit hard resets a device by just visiting a website

A phone dialer code can hard reset a Galaxy S2, S3, and a bunch of minor devices that use Samsung’s TouchWiz overlay. The idea is that the operator could enter it on the keypad manually to hard reset all of … Continue reading

Elsewhere , , , Leave a comment

iOS in-app proxy

We received some disturbing tips today that a Russian developer has published a method of obtaining in-app purchases from iOS apps for free. The “in-app proxy” method does not require a jailbreak, can be completed by novices in three steps … Continue reading

Elsewhere , , , Leave a comment