Hasnain says:

Should we all just hang up our boots and head home? This is just nuts.

"Don’t serve user-specific or sensitive content from URLs that attackers can predict or easily learn. Attackers can load such URLs in their attack pages (e.g. ) to get the sensitive information into the process rendering their page, and can then use out-of-bounds reads to discover the information. Use anti-CSRF tokens or random URLs to break this kind of attack."

Posted on 2018-01-04T07:51:04+0000
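One way a server can apply the "anti-CSRF tokens or random URLs" advice quoted above, as an added example that is not part of the original post or of the quoted guidance. The session ids, the `/api/profile` path, the sample data and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Server-side secret. Generated per process here (assumption); a real
# deployment would load a persistent key from its secret store.
SERVER_KEY = secrets.token_bytes(32)

# Constructed sample data: user-specific content keyed by session id.
PROFILES = {
    "sess-alice": b'{"email": "alice@example.test"}',
    "sess-bob": b'{"email": "bob@example.test"}',
}


def url_token(session_id: str, path: str) -> str:
    """Derive an unguessable token bound to one session and one path."""
    msg = f"{session_id}\n{path}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def sensitive_url(session_id: str, path: str) -> str:
    """URL the server embeds only in pages it renders for this session."""
    return f"{path}?t={url_token(session_id, path)}"


def handle_request(session_id, path, token):
    """Return (status, body); the body is released only for a valid token."""
    if session_id not in PROFILES:
        return 401, b""
    expected = url_token(session_id, path)
    # A cross-site subresource load carries the session cookie but cannot
    # know the token, so the sensitive bytes never reach that renderer.
    if token is None or not hmac.compare_digest(
        expected.encode(), token.encode()
    ):
        return 403, b""
    return 200, PROFILES[session_id]
```

The 403 response must carry an empty body: what matters for this class of attack is that the user-specific bytes are never sent to a process that did not present the token.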