User control of All State #6

Open
opened 2016-05-26 14:04:31 +12:00 by mikedilger · 0 comments
mikedilger commented 2016-05-26 14:04:31 +12:00 (Migrated from github.com)

Various state mechanisms have been identified for "super cookies" or "evercookies". They must all be addressed, including:

  • Cookies
  • Flash Cookies (Local Shared Objects)
  • HTML5 DOM session storage
  • HTML5 DOM local storage
  • HTML5 global storage
  • HTML5 database storage
  • HTML5 indexed db
  • Java JNLP PersistenceService
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0422 (Java applet sandbox escaping)
  • HTTP Strict Transport Security (HSTS) Pinning
  • Silverlight Isolated Storage
  • Storing cookies in RGB values of auto-generated, force-cached PNGs using HTML5 Canvas tag to read pixels (cookies) back out
  • Web history cookies
  • HTTP ETag cookies
  • Web cache cookies
  • window.name caching
  • IE userData storage (IE only?)
  • HTTP authentication caching

Test with https://panopticlick.eff.org
Test with http://samy.pl/evercookie/, https://github.com/samyk/evercookie
