Css: The Sexy Assassins presented at BlueHat 2008

by David Lindsay (Security Innovation), Gareth Heyes, Eduardo Vela Nava,

Tags: Security

Summary : CSS has many uses and abuses. Cascading Style Sheets (CSS) can be used for a lot more than making a Web site look sexy. The presenters will detail how to scan your internal network, track visited links on third-party Web sites, and read the content of third-party Web sites, such as your password. We will also discuss how to use CSS to detect the presence of plug-ins, detect access to certain zones or Web sites, show how algorithmic logic in CSS is possible, and finally demonstrate how CSS injections can be obfuscated to create difficult to detect cross-site scripting vectors. All of this will be demonstrated in a non-scripted environment.