sleske – WindowsTechs.com

Why was the Same-origin policy originally introduced (before XMLHttpRequest)?

Posted on January 17, 2020 by sleske

As I understand it, the Same-origin policy (SOP) basically prevents a script in a web page from obtaining or sending information from/to a different domain.

I understand that this is important to prevent a page from grabbing private data … Continue reading Why was the Same-origin policy originally introduced (before XMLHttpRequest)?→

What are the EFAIL "backchannels in email clients not related to HTML"?

Posted on May 25, 2018 by sleske

The published examples for exploiting the EFAIL email encryption vulnerability all appear to use HTML to create a backchannel for exfiltrating decrypted data.

However, the homepage of EFAIL, https://efail.de/ , claims:

S… Continue reading What are the EFAIL "backchannels in email clients not related to HTML"?→