[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[hybi] wrt security concerns with socket-capable browsers

From: =JeffH <Jeff.Hodges at KingsMountain.com>
To: HYBI interest group <hybi at ietf.org>
Date: Mon, 09 Nov 2009 21:32:11 -0800

Here's the pointer to the post/doc that I mentioned in the BoF today. Pleasenote these caveats..

1. this work is based on examination of exploits possible with Flash's socketcapabilities (tho it applies in general to socket-capabilities weldable by codedownloadable into a browser, modulo any security knobs present on such socketcapabilities)


2. the issues raised are very real, within the space circumscribed in (1).


Here's the pointers..

Socket Capable Browser Plugins Result In Transparent Proxy Abuse
http://www.thesecuritypractice.com/the_security_practice/2009/03/socket-capable-browser-plugins-result-in-transparent-proxy-abuse.html

Socket Capable Browser Plugins Result In Transparent Proxy Abuse V1.0
By Robert Auger (PayPal Information Risk Management Team)
http://www.thesecuritypractice.com/the_security_practice/TransparentProxyAbuse.pdf


HTH,

=JeffH

Prev by Date: Re: [hybi] Comments on draft-loreto-http-bidirectional-01
Next by Date: Re: [hybi] Comments on draft-loreto-http-bidirectional-01
Previous by thread: [hybi] Comments on draft-loreto-http-bidirectional-01
Next by thread: [hybi] SPDY protocol from google frame
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.