Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Header aches in Firefox, Tor, Brave and Chrome as HTTP opens new security holes SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Header aches in Firefox, Tor, Brave and Chrome as HTTP opens new security holes
Quoting The Register: Alternative Services spec bungled by browser makers

The HTTP Alternative Services header can be abused to conduct network reconnaissance and attacks, to bypass malware protection services, and to foil tracking defenses and privacy assumptions, according to a paper scheduled to be presented at the WOOT '19 security conference on Tuesday.…

The Register

Sign Up for Free or Log In to start participating in the conversation!