Create an Account
username: password:
  MemeStreams Logo

Timing attacks on web privacy


Picture of Acidus
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

Acidus's topics
Health and Wellness
Home and Garden
Current Events
Local Information

support us

Get MemeStreams Stuff!

Timing attacks on web privacy
Topic: Technology 9:06 pm EDT, Aug 10, 2007

Ed Felton is a genius. In this paper he discusses using timing between HTTP requests to determine whether certain URLs have been cached in a user machine. He extends this to detecting secondary cache hist to determine if two arbitrary machines are on the same network subnet.

He discuss doing this both with and without JavaScript.

Yes, essentially, Ed Felton published Grossman's and RSnake's Black Hat presentation 7 years before they did.

Long ago RSnake claimed I stole his research and suggested I edit my paper to reflect that someone else has done work in this area. It will be interesting to see whether RSnake is willing to do that when confronted with the same situation. What's the phrase? Put up or shut up?

Of course, I've never seen Grossman or RSnake reference Ed Felton's work in any of their presentations. Was it willing omitted? If not, how could they not be aware of it if they did any type of due diligence for their research? It's not like Edward Felton is some obscure person in the security space. Some of his work was required reading in a class I took as a sophomore in college.

Update Ahh the Drama...

Timing attacks on web privacy

Powered By Industrial Memetics