In this blog post I want to talk about a cool type of attack (XSLeaks) that is cooler than most developers and security researchers might realize. Almost 10 years ago, Chris Evans described an attack against Yahoo! Mail in which a malicious website could search the email inbox of a visitor to his website, and know whether the search had returned results or not. This essentially could have allowed him to search the emails of the user word for word, and get to know a lot about the emails received by the
Labels: chrome, firefox, html, javascript, oracle