a security researcher said "He said it's simple for an attacker
over an 802.11 wireless network to take control of a Web browser cache
by hijacking a common JavaScript file, for example.
"Once you've left Starbucks, you're owned. I own your cache-control
header," he said. "You're still loading the cache JavaScript when you
go back to work". "Open networks have no client protection," said
Kershaw, who also uses the handle Dragorn. "Nothing stops us from
spoofing the [wireless access point] and talking directly to the
client," the user's Wi-Fi-enabled device.
I was wondering how this could effect Clipperz, if any?
Thanks
the hijacking technique is quite interesting, but Clipperz is not
vulnerable for a very simple reason: all the code is packed into the
single HTML file you are loading from our site. We don't use any
external library that could be poisoned using the described technique.
Better: we do use some third-party libraries, but their code is all
packed together with our own code in the html file.
Regards,
Giulio Cesare
> --
> You received this message because you are subscribed to the Google Groups "Clipperz" group.
> To post to this group, send email to clip...@googlegroups.com.
> To unsubscribe from this group, send email to clipperz+u...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/clipperz?hl=en.
>
>