An Interest In:
Web News this Week
- April 24, 2024
- April 23, 2024
- April 22, 2024
- April 21, 2024
- April 20, 2024
- April 19, 2024
- April 18, 2024
June 2, 2018 08:34 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/lJM_zHR9dIE/css-is-now-so-overpowered-it-can-deanonymize-facebook-users
CSS Is Now So Overpowered It Can Deanonymize Facebook Users
An anonymous reader writes: Some of the recent additions to the Cascading Style Sheets (CSS) web standard are so powerful that a security researcher has abused them to deanonymize visitors to a demo site and reveal their Facebook usernames, avatars, and if they liked a particular web page of Facebook. Information leaked via this attack could aid some advertisers linking IP addresses or advertising profiles to real-life persons, posing a serious threat to a user's online privacy. The leak isn't specific to Facebook but affects all sites which allow their content to be embedded on other web pages via iframes. The actual vulnerability resides in the browser implementation of a CSS feature named "mix-blend-mode," added in 2016 in the CSS3 web standard. Security researchers have proven that by overlaying multiple layers of 1x1px-sized DIV layers on top of iframes, each layer with a different blend mode, they could determine what's displayed inside it and recover the data, to which parent websites cannot regularly access. This attack works in Chrome and Firefox, but has been fixed in recent versions.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/lJM_zHR9dIE/css-is-now-so-overpowered-it-can-deanonymize-facebook-users
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot