Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Monday June 04 2018, @07:34PM   Printer-friendly
from the when-more-is-not-better dept.

Submitted via IRC for SoyCow3941

Some of the recent additions to the Cascading Style Sheets (CSS) web standard are so powerful that a security researcher has abused them to deanonymize visitors to a demo site and reveal their Facebook usernames, avatars, and if they liked a particular web page of Facebook.

Information leaked via this attack could aid some advertisers link IP addresses or advertising profiles to real-life persons, posing a serious threat to a user's online privacy.

The leak isn't specific to Facebook but affects all sites which allow their content to be embedded on other web pages via iframes.

The actual vulnerability resides in the browser implementation of a CSS feature named "mix-blend-mode," added in 2016 in the CSS3 web standard.

The mix-blend-mode feature allows web developers to stack web components on top of each other and add effects for controlling to[sic] the way they interact. As the feature's name hints, these effects are inspired by the blend modes found in photo editing software like Photoshop, Gimp, Paint.net, and others. Example blend modes are Overlay, Darken, Lighten, Color Dodge, Multiply, Inverse, and others.

The CSS3 mix-blend-mode feature supports 16 blend modes and is fully supported in Chrome (since v49) and Firefox (since v59), and partially supported in Safari (since v11 on macOs and v10.3 on iOS).

Source: https://www.bleepingcomputer.com/news/security/css-is-so-overpowered-it-can-deanonymize-facebook-users/


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by c0lo on Monday June 04 2018, @11:00PM (4 children)

    by c0lo (156) Subscriber Badge on Monday June 04 2018, @11:00PM (#688622) Journal

    Telling someone he's wrong means you're telling someone that he's wrongheaded, which means you're telling someone that he's not capable enough to see his mistake.

    Which may be an absolutely temporary/transient situation.
    While telling that person he's wrong without qualification of any kind (e.g. "you may be right in other circumstances, but you are wrong on this one") is a gratuitous insult.
    This even letting aside that it may be you to actually be wrong (thus "wrongheaded" by your very definition). It is wise to further qualify your statement with "The way I see the things, ...".

    ---

    Grow up: for the present, I feel you behave like a selfish prick, asking everybody to agree with your understanding of the world and your terminology without any reserves. The world doesn't work this way.

    --
    https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 1, Insightful) by Anonymous Coward on Tuesday June 05 2018, @12:31AM (3 children)

    by Anonymous Coward on Tuesday June 05 2018, @12:31AM (#688658)
    1. You're just repeating what your parent AC said; your reply is basically what you left out of your quote, making your reply redundant.

    2. You have backwards the responsibility of qualification.

      The wise person realizes that it is his own responsibility to insert "In my opinion" in front of every statement that another person makes, because every statement is inherently subjective.

      A growing problem in our society is the inversion of this responsibility, which leads to the absurd conclusion that every statement must be associated with a growing list of qualifications and of restrictions in "safe spaces", the limit of which is a breakdown of the ability of 2 people to find their objective reality (where their subjective realities agree) and thus an increasing likelihood of chaos.

    • (Score: 2) by c0lo on Tuesday June 05 2018, @03:25AM (2 children)

      by c0lo (156) Subscriber Badge on Tuesday June 05 2018, @03:25AM (#688706) Journal

      The wise person realizes that it is his own responsibility to insert "In my opinion" in front of every statement that another person makes, because every statement is inherently subjective.

      Without the admission of the subjectivity of your position, I'm not going to trust you, especially when you come across in an aggressive fashion.
      And that's not only me that is going to react this way, most of this world is.
      Your choice if you want to deal with it (by adjusting what you have under your control, that means you) or expect the whole world to change to your taste.

      --
      https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
      • (Score: -1, Troll) by Anonymous Coward on Tuesday June 05 2018, @11:52AM (1 child)

        by Anonymous Coward on Tuesday June 05 2018, @11:52AM (#688802)

        And that makes me care even less for your approval.

        • (Score: 2) by c0lo on Tuesday June 05 2018, @12:01PM

          by c0lo (156) Subscriber Badge on Tuesday June 05 2018, @12:01PM (#688807) Journal

          you weren't for my approval in the first place, so how's that relevant? All you care is to pose superior - just empty vanity.

          For the matter, I wasn't after your approval either. Thus, if you want a pissing contest, search another, I'm simply not interested.

          --
          https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford