The Curse of Cross-Origin Stylesheets - Web Security Research

In 2017 a cool bug was reported by a researcher, which led me down a rabbit hole to a 2014 and even a 2009 bug. This provides interesting insight into what web security research looks like.

All links with "*" are affiliate links.
LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Program.

#SecurityResearch
Comments

You should know that those 20 minutes feel like 5 minutes. Great job and keep em coming!

hugowoesthuis

Reenactment of historic bug discussions, please!

leanobajio

I cannot believe you've been making videos like this for years and I just found you. Insane.

indycinema

I was having insomnia and I slept listening to your bug stories, thanks, you're perfect in many ways, this now is one of them

kkmetcom

2:15 *But let's keep this bug Chrome-private whilst we debate what can be done (and protect our customers first:)*
Chrome developers are very responsible

serkandevel

I am totally in favor of a stricter syntax. Let developers receive 1 gazillion warnings and errors! I don't know why HTML and CSS have such relaxed syntax in the first place. Even noobs can write proper syntax if you make them.

DanielDogeanu

Took me way too long to realize that the intro animation is a buffer being overflowed.

noselund

When a software engineer talks about the past:
...evolved historically ...
*2009*

catlord

"the internet is broken because cross-domain"
I'd say that this video proves that it is broken because all the browser parsers are super lax to allow even the worst webdev to put out their garbage, which in turn allows more terrible devs to join the field successfully, thus perpetuating the cycle

fluffy_tail

Fantastic video, as always. I really like the way that you showed the connections between the bug reports.

_iphoenix_

Good video, I really like watching these videos with popcorn.

justanormalperson

This was really interesting / informative to watch. I would perhaps come across some of this on the web or in trackers and it would all go right over my head; having you explain it, I now actually understand what was going on. Thank you!

abbottabbott

I like how the fix in the end was a simple restriction to .css file type. Lol.

GoodBalak

This stuff is freaking fascinating. Thank you.

imjustsomepersonontheinternet

Thanks for the explanation. The bounty is great for beer money but not to live from. You would need to find 2 of these bugs a month and get the guaranteed payout to survive.

jwrm

Your video is like music to my ears

damejelyas

"okay it's fixed by checking the content-type. case closed". and then they needed 3 years to ask the question: "what if there is no content-type header!? you know when our web browser happens to be a local file browser because «do one job, do it well» ... oh wait..."

bandie

Thank you for your videos, it's very interesting to learn something new in such close-to-life subjects.

galqiwi

Great stuff, I'd love to see more of this kind of stuff.

Rednesswahn

Very interesting and well explained, greetings from Spain!

the_rahn