CS 253 Web Security Youtube Pt2 Flashcards
What is the purpose of UI Denial-of-service attacks?
- You override the browser defaults - This is done to make it harder for the user to escape from the site.
- You implement scareware - Presenting fake threats, such as a virus warning, to pressure the user into buying a product or to trap them on the page.
- Trolling
How many levels are the web APIs divided in when we talk about the level of restrictions they have?
Level 0, 1, 2 and 3
What are the restrictions for Level 0 web APIs?
No restrictions. APIs can be used immediately and indiscriminately.
What are some examples of web APIs with Level 0?
- DOM, CSS
- window.move()
- file download
- hide mouse cursor
What are the restrictions for Level 1 web APIs?
User interaction is required.
API cannot be used unless it is in response to a user's action, like a click or a keypress.
Scrolling, for example, does not count.
What are some examples of web APIs with Level 1?
- Element.requestFullscreen()
- navigator.vibrate()
- Copy text to clipboard
- Speech synthesis API
- window.open()
What are the restrictions for Level 2 web APIs?
User “engagement” is required.
API cannot be used until user demonstrates high engagement with a website.
What are some examples of web APIs with Level 2?
- Autoplay sound
- Prompt to install website to homescreen
What are the restrictions for Level 3 web APIs?
User permission is required.
API cannot be used until user grants explicit permission.
What are some examples of web APIs with Level 3?
Camera, microphone, geolocation, USB, MIDI device access.
What is tabnabbing?
It's an attack that consists in reloading the original tab after opening a new tab. This is possible because of the way window.open() works: the newly opened window keeps a window.opener reference that still points to the original tab.
Through that reference, the new tab can navigate the original tab to any given URL. This is especially useful for phishing attacks, because you can replace the previous page with an exact copy, simulate a logout scenario, and show a login form to the user.
What are some tabnabbing defenses you can set up?
1. Add the rel="noopener" attribute to all a tag elements that have the target="_blank" attribute.
This makes window.opener null instead of pointing to our window.
2. Add the new HTTP header: Cross-Origin-Opener-Policy: same-origin
This makes the browser use a separate OS process to load the site.
This prevents cross-window attacks and process side-channel attacks by severing references to other browsing contexts.