Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Leaking Silhouettes of Cross-origin Images - 361

Aleksejs Popovs - Posted 5 Years Ago
  • The Same Origin Policy (SOP) prevents one website from grabbing content from another. For example, if a user visits a malicious site, that site should NOT be able to get the user's bank account information.
  • One part of this is that a page can embed data from another origin but cannot READ that data. A common example is an image from a different website: it can be used (embedded) but NOT directly read.
  • This post discusses a side channel in the rendering process of a picture via the canvas HTML element. Because some pixels are drawn faster than others, it was possible to leak information about the image across domains.
  • This feels like a very difficult problem to solve; allowing embedding but not directly reading. This bug actually existed in Skia, which is used by both Firefox and Chrome.
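
To make the "some pixels are drawn faster than others" point concrete, here is an added example (not code from the original post or from Skia) that models a blend loop with a content-dependent shortcut next to a constant-work version. The transparent-pixel shortcut, the step costs and the 4x4 sample image are assumptions chosen for illustration; step counts stand in for elapsed time so the output is deterministic.

```javascript
// Constructed 4x4 alpha channel standing in for a cross-origin image
// (255 = opaque, 0 = transparent). The opaque pixels form the "silhouette".
const IMAGE_ALPHA = [
  [0, 0, 0, 0],
  [0, 255, 255, 0],
  [255, 255, 255, 255],
  [0, 255, 0, 0],
];

// Assumed cost model: the shortcut costs 1 step, a full blend costs 3 steps.
function blendWithShortcut(src, alpha, dst, cost) {
  if (alpha === 0) {
    cost.steps += 1; // data-dependent early exit: this is the side channel
    return dst;
  }
  cost.steps += 3;
  return Math.round((src * alpha + dst * (255 - alpha)) / 255);
}

// Hardened form: identical work for every pixel, whatever its alpha value.
function blendConstantWork(src, alpha, dst, cost) {
  cost.steps += 3;
  return Math.round((src * alpha + dst * (255 - alpha)) / 255);
}

// Draw each row and report its total cost plus the resulting pixel values.
function drawRows(image, blend) {
  return image.map((row) => {
    const cost = { steps: 0 };
    const pixels = row.map((alpha) => blend(200, alpha, 50, cost));
    return { steps: cost.steps, pixels };
  });
}

// What an observer who sees only per-row cost can conclude about opaque pixels.
function opaqueCountFromCost(steps, width) {
  return (steps - width) / 2;
}

const leaky = drawRows(IMAGE_ALPHA, blendWithShortcut);
const hardened = drawRows(IMAGE_ALPHA, blendConstantWork);
console.log(leaky.map((r) => r.steps));    // varies with image content
console.log(hardened.map((r) => r.steps)); // uniform across rows
console.log(leaky.map((r) => opaqueCountFromCost(r.steps, 4)));
```

Both versions produce the same pixels; only the shortcut version's cost tracks the image content, which is why the mitigation is to make drawing work independent of pixel values.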