Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Submission + - "Rosetta Flash" attack leverages JSONP callbacks to steal cookies! (arstechnica.com)

newfurniturey writes: A new Flash and JSONP attack combination has been revealed to the public today dubbed the "Rosetta Flash" attack..

JSONP callback functions normally return a JSON blob wrapped in a user-specified callback function which the browser will then execute as JavaScript. Nothing out of the ordinary here. However, the "Rosetta Stone" attack has leveraged a method of crafting a Flash file to contain a restricted character set that's usable within JSONP callbacks (i.e. in a URL). By combining the two, the attack demonstrates it's possible to use a JSONP URL with the contents of the crafted flash file as the callback function. When set as the data of a standard HTML object tag, the SWF file executes on the site being targeted bypassing all Same-Origin policies in place.

Services such as Google, YouTube, Twitter, Tumblr and eBay were found vulnerable to this attack; however, several were patched prior to the public release and Tumblr has patched within hours of the release.

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

"Rosetta Flash" attack leverages JSONP callbacks to steal cookies!

Comments Filter:

People who go to conferences are the ones who shouldn't.

Working...