From 21281bd6e347fd50ee7c719621b884d15b403e70 Mon Sep 17 00:00:00 2001 From: Kenneth Rohde Christiansen Date: Wed, 6 Mar 2024 11:11:26 +0100 Subject: [PATCH 1/2] Add info about another attack type --- index.html | 43 ++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 42 insertions(+), 1 deletion(-) diff --git a/index.html b/index.html index e1b1a63..2fa0374 100644 --- a/index.html +++ b/index.html @@ -1353,7 +1353,48 @@

Cross-site covert channel

a video conferencing session will typically exert sustained pressure on the CPU that makes it harder to manipulate the pressure state in a predictive manner. - +

Targeted deanonymization attacks

+

+ Targeted deanonymization attacks constitute a critical class of threats that jeopardize a users anonymity. + These attacks allow a malicious or partially compromised website (referred to as the “malicious site”) to + ascertain whether a website visitor possesses a specific public identifier, such as an email address or a + social media handle. +

+

+ While anonymity may be a luxury for some, for certain individuals, it is far more than that—it is a matter + of survival. Consider for instance those who engage in political protests, work as journalists covering + sensitive topics, etc. +

+

+ As an example, an attacker can privately share a resource with the target for instance using a public + resource sharing service (“victim site”), and then measure side-effects (indicating successful access) + on loading the resource via side-channels. If the logged in visitor can access the embedded resource + successfully, that indicates that the current visit is indeed the intended target. +

+

+ Specifically, exposing reliable information about the total CPU pressure can let an attacking site + understand if a target of a cross-origin navigation (e.g. an iframe or pop-up window from another site) + performed a CPU-intensive operation. +

+

+ Techniques such as pop-under and + tab-under can be used to hide the loading + from the user. +

+

+ A practical attack is that the malicious website could open e.g., a popup to a resource on a victim site + to which the user is logged in (e.g. a video streaming site or online document editor) pointing to a + resource shared with specific users. +

+

+ Assuming that loading the resource puts increased pressure on the CPU, this would create a side-channel + reveals to the attacking site if the user is logged into an account with access to the resource, + deanonymizing the user. +

+

+ Given that modern CPUs recover quickly from high pressure, a mitigation strategy could be to temporarily + disable readings for a few seconds after loading popup and iframe content. +
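Review bot: The mitigation in the last added paragraph, "temporarily disable readings for a few seconds after loading popup and iframe content", does not match the attack example given two paragraphs earlier, where the victim resource is on "a video streaming site or online document editor". A resource like that can keep the CPU busy for as long as it stays open, so a reading taken once the pause ends may still show whether it loaded. Either limit the claim to short load-time spikes or describe what happens under sustained load, and say who suppresses the readings (presumably the user agent) and for how long. Separately, "this would create a side-channel reveals to the attacking site" is missing "that" after "side-channel", and "a users anonymity" needs an apostrophe.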

From 4288ec597e2a9b1a2b052238b81a99a85878d5fe Mon Sep 17 00:00:00 2001 From: Kenneth Rohde Christiansen Date: Wed, 6 Mar 2024 11:42:19 +0100 Subject: [PATCH 2/2] Fix Anssi's comments --- index.html | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/index.html b/index.html index 2fa0374..db6d5b9 100644 --- a/index.html +++ b/index.html @@ -1353,9 +1353,9 @@

Cross-site covert channel

a video conferencing session will typically exert sustained pressure on the CPU that makes it harder to manipulate the pressure state in a predictive manner. -

Targeted deanonymization attacks

+

Targeted de-anonymization attacks

- Targeted deanonymization attacks constitute a critical class of threats that jeopardize a users anonymity. + Targeted de-anonymization attacks constitute a critical class of threats that jeopardize a user's anonymity. These attacks allow a malicious or partially compromised website (referred to as the “malicious site”) to ascertain whether a website visitor possesses a specific public identifier, such as an email address or a social media handle. @@ -1382,7 +1382,7 @@

Targeted deanonymization attacks

from the user.

- A practical attack is that the malicious website could open e.g., a popup to a resource on a victim site + One possible attack is that the malicious website opens e.g., a popup to a resource on a victim site to which the user is logged in (e.g. a video streaming site or online document editor) pointing to a resource shared with specific users.

@@ -1392,8 +1392,8 @@

Targeted deanonymization attacks

deanonymizing the user.

- Given that modern CPUs recover quickly from high pressure, a mitigation strategy could be to temporarily - disable readings for a few seconds after loading popup and iframe content. + Given that modern CPUs recover quickly from high pressure, one possible mitigation strategy could be to + temporarily disable readings for a few seconds after loading popup and iframe content.
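Review bot: The first hunk changes the heading and opening sentence to "de-anonymization", but the unchanged context line in the last hunk still reads "deanonymizing the user.", so the section ends up with both spellings. Pick one form and apply it to that line as well.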
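Review bot: In the second hunk, "opens e.g., a popup to a resource on a victim site" puts "e.g.," between the verb and its object and punctuates it differently from "(e.g. a video streaming site" in the same sentence. Suggest "opens, for example, a popup to a resource on a victim site" and one punctuation style for "e.g." throughout the section.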
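Review bot: In the last hunk, "one possible mitigation strategy could be to" hedges twice; "one possible mitigation strategy is to" carries the same meaning. The reworded sentence also still leaves "a few seconds" unspecified, which an implementer would need either pinned down or explicitly left to the user agent.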