[WEB SECURITY] fast and sort-of-reliable cache timing

Back back at argeniss.com
Sat Dec 3 12:06:22 EST 2011


Cool stuff, btw: it also works for guessing sites visited while in
Private Browsing.

Cesar.
On 12/2/2011 9:09 PM, Michal Zalewski wrote:
> Not particularly exciting, but perhaps of some interest to the audiences here:
> 
> http://lcamtuf.coredump.cx/cachetime/
> 
> It's a fairly crude hack, so it will probably fail spectacularly in
> some circumstances, but the bottom line is that you can probably do
> high-performance, repeated cache timing. The most important trick here
> is to abort navigation so that the requested URL never actually gets
> requested and cached if not already in cache.
> 
> Cheers,
> /mz
> 
> _______________________________________________
> The Web Security Mailing List
> 
> WebSecurity RSS Feed
> http://www.webappsec.org/rss/websecurity.rss
> 
> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
> 
> WASC on Twitter
> http://twitter.com/wascupdates
> 
> websecurity at lists.webappsec.org
> http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org






More information about the websecurity mailing list