The Curse of Cross-Origin Stylesheets - Web Security Research

Channel:
United States LiveOverflow
Subscribers:
920,000
Published on ● Video Link: https://www.youtube.com/watch?v=bMPAXsgWNAc


Duration: 19:58
99,206 views
3,136

In 2017 a cool bug was reported by a researcher, which lead me down a rabbit hole to a 2014 and even 2009 bug. This provides interesting insight into how web security research looks like.

cgvwzq's Bug (2017): https://bugs.chromium.org/p/chromium/issues/detail?id=788936
filedescriptor's Bug (2014): https://bugs.chromium.org/p/chromium/issues/detail?id=419383
scarybeasts' Bug (2009): https://bugs.chromium.org/p/chromium/issues/detail?id=9877

GynvaelEN: https://www.youtube.com/user/GynvaelEN
Efail Stream: https://www.youtube.com/watch?v=VC_ItSQaUx4

-=[ ๐Ÿ”ด Stuff I use ]=-

โ†’ Microphone:* https://geni.us/ntg3b
โ†’ Graphics tablet:* https://geni.us/wacom-intuos
โ†’ Camera#1 for streaming:* https://geni.us/sony-camera
โ†’ Lens for streaming:* https://geni.us/sony-lense
โ†’ Connect Camera#1 to PC:* https://geni.us/cam-link
โ†’ Keyboard:* https://geni.us/mech-keyboard
โ†’ Old Microphone:* https://geni.us/mic-at2020usb

US Store Front:* https://www.amazon.com/shop/liveoverflow

-=[ โค๏ธ Support ]=-

โ†’ per Video: https://www.patreon.com/join/liveoverflow
โ†’ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ ๐Ÿ• Social ]=-

โ†’ Twitter: https://twitter.com/LiveOverflow/
โ†’ Website: https://liveoverflow.com/
โ†’ Subreddit: https://www.reddit.com/r/LiveOverflow/
โ†’ Facebook: https://www.facebook.com/LiveOverflow/

-=[ ๐Ÿ“„ P.S. ]=-

All links with "*" are affiliate links.
LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm.

#SecurityResearch



Other Videos By LiveOverflow


2018-12-07OsmocomBB: Open Source GSM Implementation - Motorola Calypso Chip
2018-11-30Nintendo Switch (NVIDIA Tegra X1) - BootROM Vulnerability
2018-11-23End-to-End Encryption in the Browser Impossible? - ProtonMail
2018-11-16Identifying Good Research to actually Learn Something - Cross-site Scripting
2018-11-09Student Finds Hidden Devices in the College Library - Are they nefarious?
2018-11-02Analysing a Collection of Windows Binaries and Embedded Resources - FLARE-On 2018
2018-10-26Basic Windows Reversing and Attacking Weak Crypto - FLARE-On 2018
2018-10-19HOW FRCKN' HARD IS IT TO UNDERSTAND A URL?! - uXSS CVE-2018-6128
2018-10-12GSM Mobile Network Intro - Nokia Network Monitor
2018-10-05How do SIM Cards work? - SIMtrace
2018-09-28The Curse of Cross-Origin Stylesheets - Web Security Research
2018-09-21DEF CON CTF 2018 Finals
2018-09-14First time in Las Vegas for BlackHat, DEF CON and more...
2018-09-07The Last Flag (Overachiever) - Pwn Adventure 3
2018-09-04RSA Implemented in JavaScript (Keygen part 5) - Pwn Adventure 3
2018-08-31RSA Implemented in Assembler (Keygen part 4) - Pwn Adventure 3
2018-08-24Understanding the Key Verification Algorithm (Keygen part 3) - Pwn Adventure 3
2018-08-17Reversing Custom Encoding (Keygen part 2) - Pwn Adventure 3
2018-08-11Reversing Input Validation (Keygen part 1) - Pwn Adventure 3
2018-08-03Failing at Machine Learning (Blocky part 2) - Pwn Adventure 3
2018-07-27Analyzing the Blocky Logic Puzzle - Pwn Adventure 3


Tags:
Live Overflow
liveoverflow
hacking tutorial
how to hack
exploit tutorial
browser bug
web security
css
cascading stylesheet
style
stylesheet
sop
same origin policy
same-origin
cross origin
cors
tangled web
lcamtuf
scarybeasts
chris evans
filedescriptor
google
chromium
chrome
firefox
ie
internet explorer
opera
2009
2014
2017
pepe vila
cgvwzq
browser security
client side security
xss
steal data
css keylogger
css keylog
beef
utf-16
utf16
utf-8
utf8
bugs