Re: dns-prefetch
Jean-Marc Desperrier wrote on 7/24/2009 1:09 PM:
> The most serious attack seems to me to be that the attacker can know
> *when* exactly you read any given mail.

I hadn't thought of that, but I do now see that as a reason to turn it off entirely for any messaging application. You're right, it wouldn't be too hard to marry wildcard DNS with specially-crafted tracking links to know when the user has viewed the message (which is why many messaging applications disable remote image fetching by default).

- Bil

___
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security

Re: dns-prefetch
Johnathan Nightingale wrote:
> But with prefetch enabled, they could potentially harvest a significant
> amount of information about the contents of your emails by watching all
> the prefetch requests

But it will be disclosed anyway if he actually follows the link. And I get a lot of spam from adultfriendfinder.com ;-)

The most serious attack seems to me to be that the attacker can know *when* exactly you read any given mail.

Re: dns-prefetch
Johnathan Nightingale wrote on 7/24/2009 9:26 AM:
> On regular http connections, this kind of disclosure is obviously
> inevitable since the page contents themselves are visible to
> eavesdroppers, but when the connection is over https, there is a
> reasonable expectation of some privacy, so we try to preserve it as much
> as possible.

Great, thanks for the explanation.

- Bil

Re: dns-prefetch
On 23-Jul-09, at 10:39 PM, Bil Corry wrote:
> Wan-Teh Chang wrote on 7/23/2009 9:29 PM:
>> On Thu, Jul 23, 2009 at 7:10 PM, Bil Corry wrote:
>>> Can someone explain the security concerns with DNS prefetching from
>>> a HTTPS site?
>>
>> The concern is privacy. Prefetching DNS for host names referenced in
>> an HTTPS page leaks some info contained in that page.
>
> Thanks for the response. Who is the data being leaked to? The DNS
> provider? The adversary sniffing packets off a public hotspot? And
> what information is being leaked? The hostname(s) that are referenced
> on the HTTPS page? I'm just trying to understand the complete risk
> involved.

I think you've got it. Obviously, anyone in a position to watch your traffic maliciously can already perform rudimentary traffic analysis to determine that you have, for instance, an https connection to gmail. But with prefetch enabled, they could potentially harvest a significant amount of information about the contents of your emails by watching all the prefetch requests ("I've seen 12 prefetch requests for intranet servers under ibm.com, I bet he's an employee", or "I wonder if his wife knows how much email he's getting from adultfriendfinder.com").

On regular http connections, this kind of disclosure is obviously inevitable since the page contents themselves are visible to eavesdroppers, but when the connection is over https, there is a reasonable expectation of some privacy, so we try to preserve it as much as possible.

Cheers,
Johnathan

---
Johnathan Nightingale
Human Shield
john...@mozilla.com
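
The exposure discussed in this thread, as an added example that is not part of any poster's message: a Python audit that lists the hostnames a client would send to the resolver if it prefetched DNS for a message's links, and flags leftmost labels that look like per-recipient tokens under a wildcard zone. The function names, the length and entropy thresholds, and the sample HTML are assumptions constructed for illustration.

```python
# Added example: list the hostnames a rendered message would hand to the
# resolver under DNS prefetch. All names and sample data are constructed.
import math
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkHosts(HTMLParser):
    """Collect hostnames from <a href> and <link rel="dns-prefetch" href>."""
    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        rel = (a.get("rel") or "").lower()
        if tag == "a" or (tag == "link" and "dns-prefetch" in rel):
            # hostname is None for mailto: and relative links, so they are skipped
            host = urlsplit(a.get("href") or "").hostname
            if host and host not in self.hosts:
                self.hosts.append(host)

def entropy(label):
    """Shannon entropy in bits per character."""
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())

def looks_like_token(host, min_len=16, min_entropy=3.5):
    """Heuristic (assumed thresholds): long, high-entropy leftmost label."""
    label = host.split(".")[0]
    return len(label) >= min_len and entropy(label) >= min_entropy

def prefetch_exposure(html):
    """Return [(hostname, may_be_per_recipient_token)] in document order."""
    parser = LinkHosts()
    parser.feed(html)
    return [(h, looks_like_token(h)) for h in parser.hosts]

# Constructed sample message body.
SAMPLE = """
<link rel="dns-prefetch" href="//cdn.example.org">
<p><a href="https://intranet.example.com/wiki">wiki</a>
<a href="https://a9f3c27e81b44d0c95e6.track.example.net/offer">offer</a>
<a href="mailto:someone@example.com">mail</a></p>
"""

if __name__ == "__main__":
    for host, flagged in prefetch_exposure(SAMPLE):
        print(f"{host:45} {'possible tracking label' if flagged else ''}")
```

Every hostname in the output is visible to the DNS provider and to anyone watching the network, even when the message itself was delivered over https; a flagged label additionally ties the lookup to one recipient and one moment.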