[WEB SECURITY] fast and sort-of-reliable cache timing

Back back at argeniss.com
Sat Dec 3 12:06:22 EST 2011

Cool stuff, btw: it also works for guessing sites visited while in
Private Browsing.

On 12/2/2011 9:09 PM, Michal Zalewski wrote:
> Not particularly exciting, but perhaps of some interest to the audiences here:
> http://lcamtuf.coredump.cx/cachetime/
> It's a fairly crude hack, so it will probably fail spectacularly in
> some circumstances, but the bottom line is that you can probably do
> high-performance, repeated cache timing. The most important trick here
> is to abort navigation so that the requested URL never actually gets
> requested and cached if not already in cache.
> Cheers,
> /mz
> _______________________________________________
> The Web Security Mailing List
> WebSecurity RSS Feed
> http://www.webappsec.org/rss/websecurity.rss
> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
> WASC on Twitter
> http://twitter.com/wascupdates
> websecurity at lists.webappsec.org
> http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org

More information about the websecurity mailing list