Collaborate Disseminate
I have a main website that embeds 3 other websites via iframes (legacy systems providing various functionalities with a user interface). Currently the user has to authenticate with each of the system despite that they are all… Continue reading Is it secure to share an access token via HTML5 messaging API between various iframes?
I have a main website that embeds 3 other websites via iframes (legacy systems providing various functionalities with a user interface). Currently the user has to authenticate with each of the system despite that they are all using the sam… Continue reading Is it secure to share an access token via HTML5 messaging API between various iframes?
So the thing is I have created a Asp.Net web api and am using oauth to secure the access.
The problem is that the clients want to make a pure html(angular) website from which they will access the api. So basically they will c… Continue reading How to securely access web api from Html5 Website
I am trying to understand EME with Clear Key encryption. I am using MP4Box. From the documentation here, you specify decryption keys in an XML file that is used to encrypt/decrypt your mp4 files.
https://gpac.wp.mines-telec… Continue reading Is there a way to use clear key encryption for protecting media HTML5 media streams?
Google has announced that hacker-favorite Adobe Flash Player will no longer, as of Q4, be the default in Chrome. Instead, Chrome will default to HTML5. Continue reading Chrome Defaults to HTML5 over Adobe Flash Starting in Q4
While trying to watch a Youtube videos using Tor browser, the Tor browser opens an alert window:
This website (www.youtube.com) attempted to extract HTML5 canvas image data, which may be used to uniquely identify your compu… Continue reading Youtube.com trying to extract HTML5 canvas data: is Youtube trying to fingerprint users’ browser?
The keygen tag is used to make browsers generate private keys and POST the resulting CSR to the server, which can then issue a certificate. It’s now been deprecated, for rather stupid reasons but that’s besides the point.
So, what are the… Continue reading Alternatives to HTML’s deprecated <keygen> for client certs?
HTML5 has a feature set relating to client battery status. It has been described as a privacy hole, as it can be used to track and identify web users. Research suggests the features can be used even to identify users using VP… Continue reading Disable HTML5 battery features
While surfing a news website on my mobile, I receive a virus infection alert warning that triggers my phone to vibrate incessantly. The alert looks like the following:
I didn’t expect my phone to vibrate and the alert is a… Continue reading Is HTML5 vibrate feature a security vulnerability?
My understanding is that with the WebRTC peer-to-peer data API, communications between peers are encrypted via a modified form of SSL. Where are the keys for the peer-to-peer SSL connection generated, though? On the original … Continue reading WebRTC P2P SSL – Where are the keys generated?