Same Origin Policy | Breaking Cybersecurity News | The Hacker News

Except for phishing and scams, downloading an HTML attachment and opening it locally on your browser was never considered as a severe threat until a security researcher today demonstrated a technique that could allow attackers to steal files stored on a victim's computer. Barak Tawily, an application security researcher, shared his findings with The Hacker News, wherein he successfully developed a new proof-of-concept attack against the latest version of Firefox by leveraging a 17-year-old known issue in the browser. The attack takes advantage of the way Firefox implements Same Origin Policy (SOP) for the "file://" scheme URI (Uniform Resource Identifiers), which allows any file in a folder on a system to get access to files in the same folder and subfolders. Since the Same Origin Policy for the file scheme has not been defined clearly in the RFC by IETF, every browser and software have implemented it differently—some treating all files in a folder as the same

A critical vulnerability has been discovered in the browser app comes pre-installed on hundreds of millions of Samsung Android devices that could allow an attacker to steal data from browser tabs if the user visits an attacker-controlled site. Identified as CVE-2017-17692 , the vulnerability is Same Origin Policy (SOP) bypass issue that resides in the popular Samsung Internet Browser version 5.4.02.3 and earlier. The Same Origin Policy or SOP is a security feature applied in modern browsers that is designed to make it possible for web pages from the same website to interact while preventing unrelated sites from interfering with each other. In other words, the SOP makes sure that the JavaScript code from one origin should not be able to access the properties of a website on another origin. The SOP bypass vulnerability in the Samsung Internet Browser, discovered by Dhiraj Mishra , could allow a malicious website to steal data, such as passwords or cookies, from the sites ope

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

Beware Comodo Users! Have you Safeguarded your PC with a Comodo Antivirus? Then you need to inspect your system for privacy and security concerns. First of all, make sure whether your default browser had been changed to " Chromodo " -- a free browser offered by Comodo Antivirus. If your head nod is " Yes ," then you could be at risk! Chromodo browser, which is supplied along with the installation of Comodo Anti-Virus Software and marketed as 'Private Internet Browser' for better security and privacy, automatically overrides system settings to set itself as your 'Default Browser.' And secondly, the main security concern about Comodo Antivirus is that the Chromodo browser has 'Same Origin Policy' (SOP) disabled by default. Google's security researcher Tavis Ormandy , recently shouted at Comodo for disabling SOP by default in its browser settings that violates one of the strongest browser security policy. Orm