all InfoSec news
Pool-Party: Exploiting Browser Resource Pools as Side-Channels for Web Tracking. (arXiv:2112.06324v2 [cs.CR] UPDATED)
Oct. 14, 2022, 1:20 a.m. | Peter Snyder, Soroush Karami, Arthur Edelstein, Benjamin Livshits, Hamed Haddadi
cs.CR updates on arXiv.org arxiv.org
We identify class of covert channels in browsers that are not mitigated by
current defenses, which we call "pool-party" attacks. Pool-party attacks allow
sites to create covert channels by manipulating limited-but-unpartitioned
resource pools. These class of attacks have been known, but in this work we
show that they are both more prevalent, more practical for exploitation, and
allow exploitation in more ways, than previously identified. These covert
channels have sufficient bandwidth to pass cookies and identifiers across site
boundaries under …
More from arxiv.org / cs.CR updates on arXiv.org
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Advisory Red Consultant
@ Security Risk Advisors | Philadelphia, Pennsylvania, United States
Cyber Business Transformation Change Analyst
@ National Grid | Warwick, GB, CV34 6DA
Cyber Security Analyst
@ Ford Motor Company | Mexico City, MEX, Mexico
Associate Administrator, Cyber Security Governance (Fort Myers)
@ Millennium Physician Group | Fort Myers, FL, United States
Embedded GSOC Lead Operator, Events
@ Sibylline Ltd | Seattle, WA, United States