Security researcher Paul Stone presented his techniques at Black Hat 2013

Aug 2, 2013 13:07 GMT  ·  By

At the Black Hat security conference in Las Vegas, researcher Paul Stone demonstrated how cybercriminals could gain access to an Internet user’s information by leveraging various security issues.

According to ThreatPost, Stone has come up with a new technique that allows hackers to gain access to the source code of web pages that users are logged into by exploiting browser and JavaScript flaws.

By using Scalable Vector Graphics filters, the expert has been able to determine which pixels are white and which are black in a browser window. By utilizing JavaScript, he could reconstruct the content of an iframe and gain access to a page’s source code.

The researcher warns that this code could contain sensitive data. In a demonstration made at Black Hat, Stone showed that the source code of a Google+ page contained a phone number, a Google ID and other information that might be valuable to an attacker.

Robert Hansen of WhiteHat Security has told ThreatPost that the vulnerability could be successfully leveraged in targeted attacks against corporations and government agencies, and even in large-scale operations that relied on malicious ads and other content on a hijacked website.

This particular issue has been addressed in Firefox, but Chrome is still susceptible to such attacks.

Another attack method described by the expert can be exploited by hackers to gain access to a victim’s browsing history.

According to Stone, this is possible because of the difference between how long it takes a browser to draw a link that has been visited and one that hasn’t been visited.

“There’s nothing to patch. There is actually nothing specific that can be individually fixed to prevent this,” Hansen said.