14

Using JS to Steal Facebook - ICIR · Using JS to Steal Facebook Likes ... Expires: Friday, April 16, 2027 AM PT O This certificate is valid Expires Aug 2, 2028 PM Aug 1, 2028 4'59:59

Download PDF Report

Upload
others
View
4
Download
0

Embed Size (px)

Citation preview

Page 1: Using JS to Steal Facebook - ICIR · Using JS to Steal Facebook Likes ... Expires: Friday, April 16, 2027 AM PT O This certificate is valid Expires Aug 2, 2028 PM Aug 1, 2028 4'59:59

Page 2: Using JS to Steal Facebook - ICIR · Using JS to Steal Facebook Likes ... Expires: Friday, April 16, 2027 AM PT O This certificate is valid Expires Aug 2, 2028 PM Aug 1, 2028 4'59:59

From Clickjacking: Attacks and Defenses, by Lin-Shung Huang et al, Carnegie Mellon University / Microsoft Research

Using JS to Steal Facebook Likes

•  Bait-and-switch •  Note: many of these attacks are similar to TOCTTOU (Time of Check to Time of Use) vulnerabilities

Claim your FREE iPad

Page 3: Using JS to Steal Facebook - ICIR · Using JS to Steal Facebook Likes ... Expires: Friday, April 16, 2027 AM PT O This certificate is valid Expires Aug 2, 2028 PM Aug 1, 2028 4'59:59

From Clickjacking: Attacks and Defenses, by Lin-Shung Huang et al, Carnegie Mellon University / Microsoft Research

Compromise visual integrity – target •  Hiding the target •  Partial overlays

Click

$0.15 $0.15

Page 4: Using JS to Steal Facebook - ICIR · Using JS to Steal Facebook Likes ... Expires: Friday, April 16, 2027 AM PT O This certificate is valid Expires Aug 2, 2028 PM Aug 1, 2028 4'59:59

From Clickjacking: Attacks and Defenses, by Lin-Shung Huang et al, Carnegie Mellon University / Microsoft Research

Clickjacking to Access the User’s Webcam

Fake cursor

Real cursor

Page 5: Using JS to Steal Facebook - ICIR · Using JS to Steal Facebook Likes ... Expires: Friday, April 16, 2027 AM PT O This certificate is valid Expires Aug 2, 2028 PM Aug 1, 2028 4'59:59

Page 6: Using JS to Steal Facebook - ICIR · Using JS to Steal Facebook Likes ... Expires: Friday, April 16, 2027 AM PT O This certificate is valid Expires Aug 2, 2028 PM Aug 1, 2028 4'59:59

Page 7: Using JS to Steal Facebook - ICIR · Using JS to Steal Facebook Likes ... Expires: Friday, April 16, 2027 AM PT O This certificate is valid Expires Aug 2, 2028 PM Aug 1, 2028 4'59:59

Page 8: Using JS to Steal Facebook - ICIR · Using JS to Steal Facebook Likes ... Expires: Friday, April 16, 2027 AM PT O This certificate is valid Expires Aug 2, 2028 PM Aug 1, 2028 4'59:59

Page 9: Using JS to Steal Facebook - ICIR · Using JS to Steal Facebook Likes ... Expires: Friday, April 16, 2027 AM PT O This certificate is valid Expires Aug 2, 2028 PM Aug 1, 2028 4'59:59

Page 10: Using JS to Steal Facebook - ICIR · Using JS to Steal Facebook Likes ... Expires: Friday, April 16, 2027 AM PT O This certificate is valid Expires Aug 2, 2028 PM Aug 1, 2028 4'59:59

Page 11: Using JS to Steal Facebook - ICIR · Using JS to Steal Facebook Likes ... Expires: Friday, April 16, 2027 AM PT O This certificate is valid Expires Aug 2, 2028 PM Aug 1, 2028 4'59:59

Page 12: Using JS to Steal Facebook - ICIR · Using JS to Steal Facebook Likes ... Expires: Friday, April 16, 2027 AM PT O This certificate is valid Expires Aug 2, 2028 PM Aug 1, 2028 4'59:59

Page 13: Using JS to Steal Facebook - ICIR · Using JS to Steal Facebook Likes ... Expires: Friday, April 16, 2027 AM PT O This certificate is valid Expires Aug 2, 2028 PM Aug 1, 2028 4'59:59

Page 14: Using JS to Steal Facebook - ICIR · Using JS to Steal Facebook Likes ... Expires: Friday, April 16, 2027 AM PT O This certificate is valid Expires Aug 2, 2028 PM Aug 1, 2028 4'59:59

Steal Away Home

Steal Away Home

Documents

Subclavian steal syndrome

Subclavian steal syndrome

Health & Medicine

© create, don’t steal | PhotoshopCAFE.com · © create, don’t steal | PhotoshopCAFE.com

© create, don’t steal | PhotoshopCAFE.com · © create, don’t steal | PhotoshopCAFE.com

Documents

Documents

Renal-splanchnic steal

Renal-splanchnic steal

Documents

Wendy Max · steal steal me you me you steal steal steal steal the the time , num num ber ber ven_ ven_ me, me, ven_ ven_ ven_ ven_ (fine) (fine) that that D.C. Now Now al fine ver

Wendy Max · steal steal me you me you steal steal steal steal the the time , num num ber ber ven_ ven_ me, me, ven_ ven_ ven_ ven_ (fine) (fine) that that D.C. Now Now al fine ver

Documents

STEAL THAT PROPERTY

STEAL THAT PROPERTY

Documents

Perspectivas agrícolas OCDE-FAO 2020-2029 (Resumen) · 2020-07-29 · 2016-18 2028 2016-18 2028 2016-18 2028 2016-18 2028 2016-18 2028 2016-18 2028 2016-18 2028 2016-18 2028 2016-18

Perspectivas agrícolas OCDE-FAO 2020-2029 (Resumen) · 2020-07-29 · 2016-18 2028 2016-18 2028 2016-18 2028 2016-18 2028 2016-18 2028 2016-18 2028 2016-18 2028 2016-18 2028 2016-18

Documents

To Steal or Not to Steal: The Art of Managing Controlled … · 2018-04-03 · To Steal or Not to Steal: The Art of Managing Controlled Substances Diversion Nancy Elrod, PharmD, BCPS

To Steal or Not to Steal: The Art of Managing Controlled … · 2018-04-03 · To Steal or Not to Steal: The Art of Managing Controlled Substances Diversion Nancy Elrod, PharmD, BCPS

Documents

Evelyn Echeverria 2028-04-15149 Karen Axpuac 2028-07-13538 Kelly Morales 2028-01-11029 Manuel Cashaj 2028-07-13695 Maritza Giron 2028-10-609 Rosario Cerna

Evelyn Echeverria 2028-04-15149 Karen Axpuac 2028-07-13538 Kelly Morales 2028-01-11029 Manuel Cashaj 2028-07-13695 Maritza Giron 2028-10-609 Rosario Cerna

Documents

Toenperän kirjastopalvelut 2028 kirjastopalvelut 2028... · 2018. 8. 20. · Toenperän kirjastopalvelut 2028 – Toimintasuunnitelma 2019–2021 Kunnan kirjastolaitosta johtavalta

Toenperän kirjastopalvelut 2028 kirjastopalvelut 2028... · 2018. 8. 20. · Toenperän kirjastopalvelut 2028 – Toimintasuunnitelma 2019–2021 Kunnan kirjastolaitosta johtavalta

Documents

Magazine 2028 nummer 2: Generatie 2028

Magazine 2028 nummer 2: Generatie 2028

Sports

Business

Sophisticated Big Boxes · Upon expiry of the Kellogg’s lease at Trafford Park, Manchester, we secured a new 10-year lease term with Kellogg’s which expires in April 2028. 18

Sophisticated Big Boxes · Upon expiry of the Kellogg’s lease at Trafford Park, Manchester, we secured a new 10-year lease term with Kellogg’s which expires in April 2028. 18

Documents

Documents

Documents

Sumach Cumberland Presbyterian Church...2019/07/07 · Judy Redmond Term expires 2019 Frank Bailey Term expires 2020 Gary Beavers Term expires 2020 Chip Newsome Term expires 2020

Sumach Cumberland Presbyterian Church...2019/07/07 · Judy Redmond Term expires 2019 Frank Bailey Term expires 2020 Gary Beavers Term expires 2020 Chip Newsome Term expires 2020

Documents

Structuurvisie 2028

Structuurvisie 2028

Documents

Tippett - Steal Away

Tippett - Steal Away

Documents

Steal this Idea

Steal this Idea

Documents

Lei 2028 08 lei nº 2028 campo largo educador

Lei 2028 08 lei nº 2028 campo largo educador

Documents

Documents

STEAL THIS PRESENTATION

STEAL THIS PRESENTATION

Documents

Content to steal

Content to steal

Marketing

Soprano - Rawsonmusic.rawson.me.uk/catalogue/choral/freescores/fivespirituals.pdf · Soprano Steal a- way, Steal a- way, Steal a- way to Je - sus, Alto Steal

Soprano - Rawsonmusic.rawson.me.uk/catalogue/choral/freescores/fivespirituals.pdf · Soprano Steal a- way, Steal a- way, Steal a- way to Je - sus, Alto Steal

Documents

PARA EL PERÍODO 2020-2028 (PEI 2020-2028)

PARA EL PERÍODO 2020-2028 (PEI 2020-2028)

Documents

Steal their style

Steal their style

Documents

Steal lady mailru

Steal lady mailru

Travel

STEAL Characters

STEAL Characters

Documents

Lifestyle