• 30mag@lemmy.world
    link
    fedilink
    English
    arrow-up
    23
    ·
    1 year ago

    Pixel stealing PoC for deanonymizing a user, run with other tabs open playing video. “Ground Truth” is the victim iframe (Wikipedia logged in as “Yingchenw”). “AMD” is the attack result on a Ryzen 7 4800U after 30 minutes, with 97 percent accuracy. “Intel” is the attack result for an i7-8700 after 215 minutes with 98 percent accuracy.

    I guess I should take a course on threat analysis, because I don’t have a clue how to determine how dangerous this is.

    • originalucifer@moist.catsweat.com
      link
      fedilink
      arrow-up
      9
      arrow-down
      2
      ·
      1 year ago

      the pixel is the just the base unit… expand the exploit and you get ‘images’. any image on the remote site… and from there you could target sites that use imaging for password/username stuff (as a method of preventing text-based exploits).

      the one pixel leads to lots of nonsense

      its a teeny tiny hole, but thats all you need

      • Funderpants @lemmy.ca
        link
        fedilink
        English
        arrow-up
        14
        ·
        edit-2
        1 year ago

        That and apparently a lot of time. Am I right in reading it could take hours to leak enough pixels to form an image? So to get a password the password would need to be plain text, visible on the target website, and not be moved, removed or otherwise changed for hours.

      • 30mag@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        yeah, but if it takes 215 minutes to get just a single word… I mean, I’m not going to have a webpage open for that long.