coffee shop MITM
Fair point, but driving a whole attack from JS served from the subdomain is more difficult than doing it directly with the cookie. Raising the bar rather than complete prevention. The same is true for XSS and the HttpOnly flag on cookies, but it still exists and gets used.
That's true, but you have to admit, if HttpOnly was as invasive a change as token binding, it probably wouldn't exist?
Cookie has no SOP, JS has. If you control foo[dot]company and there's a cookie for *[dot]company, you win by getting the cookie. I think that's one of the more serious implications of subdomain takeover.
Cookie has no SOP, but you're running under the correct origin. Therefore, just run your attack there and don't steal the cookie: same result, so token binding didn't help... right?