Abstract
Videos were in 3 parts, given below
AI-Generated Summary
This talk examines browser security attacks that exploit the same-origin policy (SOP) by impersonating legitimate domains through a rogue wireless access point. The core attack, termed “phishing the browser,” involves an attacker serving content under a target domain (e.g., google.com) to a victim connected to the attacker’s network. Since SOP enforcement relies solely on the domain name, the attacker’s script inherits all access privileges of the legitimate site.
The research focuses on vulnerabilities in Google Gears, a client-side technology enabling offline web application functionality. Gears stores sensitive data in two primary components: a client-side SQL database and a local server cache. Both components rely on SOP for access control. The attack demonstrates that data stored over HTTP (not HTTPS) by Gears-enabled sites—such as offline Gmail, MySpace, or WordPress—is vulnerable. An attacker can read the Gears database to steal stored information (e.g., Gmail inbox contents) and write to the local server to implant permanent backdoors or steal cached sensitive pages.
A tool named “AS Poster” automates these attacks. The presentation includes a proof-of-concept demo stealing a Gmail inbox. The key finding is that Gears’ offline storage, when used over HTTP, completely bypasses SOP protections if an attacker can control the victim’s network connection. The practical implication is that any site using Gears for offline functionality over HTTP exposes its cached user data to theft on local networks. The recommended mitigation is to avoid using Gears over HTTP and to disable the feature entirely for sensitive sites.
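The HTTP-versus-HTTPS distinction behind that mitigation, as an added example that is not code from the talk or from Gears: browsers compare origins as (scheme, host, port), and the sketch below audits an inventory of offline stores for origins that a network-level impersonator would share. The function names, store names and `.test` hosts are hypothetical and constructed for illustration.

```javascript
// Added illustration (not Gears code): which offline stores can an on-path
// attacker reach through the same-origin policy?
// An origin is the tuple (scheme, host, port). Over plain http nothing
// authenticates the server, so content from a rogue access point that answers
// for the host lands in the same origin as the real site's stored data.

function originOf(urlString) {
  const u = new URL(urlString);
  const defaults = { 'http:': '80', 'https:': '443' };
  return {
    scheme: u.protocol.slice(0, -1),
    host: u.hostname,
    port: u.port || defaults[u.protocol] || '',
  };
}

function sameOrigin(a, b) {
  const x = originOf(a);
  const y = originOf(b);
  return x.scheme === y.scheme && x.host === y.host && x.port === y.port;
}

// Flag every store whose origin is not https: those are the ones the
// page's mitigation says to disable or move.
function auditStores(stores) {
  return stores.map((s) => {
    const o = originOf(s.origin);
    return {
      name: s.name,
      origin: `${o.scheme}://${o.host}:${o.port}`,
      exposed: o.scheme !== 'https',
    };
  });
}

// Constructed sample inventory; hosts and store names are hypothetical.
const SAMPLE_STORES = [
  { name: 'mail-offline-db', origin: 'http://mail.example.test/' },
  { name: 'blog-drafts-cache', origin: 'http://blog.example.test:8080/admin' },
  { name: 'bank-statements', origin: 'https://bank.example.test/' },
];

for (const r of auditStores(SAMPLE_STORES)) {
  console.log(`${r.exposed ? 'EXPOSED' : 'ok     '} ${r.name} ${r.origin}`);
}
```

The first two sample stores are flagged because any response delivered for those hosts over HTTP is same-origin with the stored data; the HTTPS store is a different origin and its server is authenticated by TLS.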