CSS Prime + Probe
From: Giorgio Maone
Subject: CSS Prime + Probe
Date: Wed, 10 Mar 2021 20:46:23 +0100
User-agent: None of Your Business 1.0

Yossi hurried up publishing the definitive paper for us:
https://orenlab.sise.bgu.ac.il/p/PP0?g

Here's the artifacts repository:
https://github.com/Yossioren/pp0

Since it's public now, I've just tweeted announcing I've started
developing countermeasures for both NoScript and JS Shield (in the NSCL):
https://twitter.com/ma1/status/1369734580807335943

Specifically, I'm gonna try this (or variants thereof): scan CSSOM for
any attribute selector triggering external resource loads, and add
DNS-prefetching links for all the domains found this way. This would
trade some fingerprinting opportunity (resolving all the domains in one
sweep might single out NoScript/JS Shield/Tor Browser users, which can
be identified by other means anyway) for a way to confuse the probe.

I've told Yossi about this plan, and he thinks it's a promising idea.

Please let me know if you've got observations / suggestions. I'll keep
you posted on the progress.

Cheers
--
Giorgio Maone
https://maone.net
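
The countermeasure sketched in the message above (scan the CSSOM for attribute selectors that trigger external resource loads, then add DNS-prefetch links for the domains found), as an added example that is not part of the original message and is not NoScript or NSCL code. It assumes rules are plain objects shaped like `CSSStyleRule` (`selectorText`, `cssText`) so it runs outside a browser; the function names, sample rules and hostnames are constructed for illustration.

```javascript
// Added illustration; not NoScript / NSCL code.
// In a page, the rules would come from document.styleSheets[i].cssRules.

const ATTR_SELECTOR = /\[[^\]]+\]/; // any [attr...] selector
const CSS_URL = /url\(\s*(?:"([^"]*)"|'([^']*)'|([^)\s]*))\s*\)/gi;

// Return the sorted external hostnames that attribute-selector rules can load from.
function collectProbeHosts(rules, baseURL) {
  const pageHost = new URL(baseURL).hostname;
  const hosts = new Set();
  for (const rule of rules) {
    if (!rule.selectorText || !ATTR_SELECTOR.test(rule.selectorText)) continue;
    for (const m of rule.cssText.matchAll(CSS_URL)) {
      const ref = m[1] ?? m[2] ?? m[3];
      let url;
      try { url = new URL(ref, baseURL); } catch { continue; } // skip malformed references
      if (!/^https?:$/.test(url.protocol)) continue; // data: etc. cause no DNS lookup
      if (url.hostname !== pageHost) hosts.add(url.hostname);
    }
  }
  return [...hosts].sort();
}

// Build one dns-prefetch link per host, to be inserted into <head> in one sweep.
function prefetchLinks(hosts) {
  return hosts.map(h => `<link rel="dns-prefetch" href="//${h}">`);
}

// Constructed sample rules (hostnames are placeholders).
const SAMPLE_RULES = [
  { selectorText: 'div[class*="aaa"]',
    cssText: 'div[class*="aaa"] { background-image: url("https://p1.probe.example/a.png"); }' },
  { selectorText: 'div[class*="bbb"]',
    cssText: 'div[class*="bbb"] { background: url(//p2.probe.example/b.png); }' },
  { selectorText: 'a[href^="x"]',   // same-origin load: ignored
    cssText: 'a[href^="x"] { background: url(/local.png); }' },
  { selectorText: '.logo',          // no attribute selector: ignored
    cssText: '.logo { background: url(https://cdn.example/logo.png); }' },
  { selectorText: 'i[data-x]',      // data: URL: ignored
    cssText: 'i[data-x] { background: url(data:image/gif;base64,AAAA); }' },
];

const links = prefetchLinks(collectProbeHosts(SAMPLE_RULES, 'https://site.example/index.html'));
console.log(links.join('\n'));
```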