I delivered a one hour session on the internals of file downloads in web browsers at THAT Conference 2024. The slides are here and a MP3 of the talk is available. If you’d prefer to read, much of the content in the talk is found in this blog’s posts that have a Download tag.
Category Archives: tech
Defense Techniques: Blocking Protocol Handlers
Application Protocols represent a compelling attack vector because they’re the most reliable and cross-browser compatible way to escape a browser’s sandbox, and they work in many contexts (Office apps, some PDFs handlers, some chat/messaging clients, etc). Some protocol handlers are broadly used, while others are only used for particular workflows which may not be relevantContinue reading “Defense Techniques: Blocking Protocol Handlers”
Troubleshooting Edge (or Chrome) Broken UI
Last time, we looked at how to troubleshoot browser crashes. However, not all browser problems result in the tab or browser crashing entirely. In some cases, the problem is that some part of the browser UI doesn’t render correctly. This most commonly occurs with parts of the UI that are written in HTML and JavaScript. InContinue reading “Troubleshooting Edge (or Chrome) Broken UI”
Driving Electric – One Year In
One year ago, I brought home a new 2023 Nissan Leaf. I didn’t really need a car, but changing rules around tax credits meant that I pretty much had to buy the Leaf last fall if I wanted to save $7500. It was my first new car in a decade, and I’m mostly glad IContinue reading “Driving Electric – One Year In”
Protecting Auth Tokens
Authenticating to websites in browsers is complicated. There are numerous different approaches: Each of these authentication mechanisms has different user-experience effects and security properties. Sometimes, multiple systems are used at once, with, for example, a Web Forms login being bolstered by multifactor authentication. In most cases, however, Authentication mechanisms are only used to verify theContinue reading “Protecting Auth Tokens”
text/plain 