
Read and write arbitrary bits using HTTP server-side caching - ikotler
https://github.com/SafeBreach-Labs/cachetalk
======
re
The slides explain what this is for much better than the README. The goal is
to exfiltrate data from a compromised endpoint in a "high-security enterprise"
in a way that's difficult to detect.

The "sender" makes requests (or doesn't make them, to send 0 vs. 1) on a pre-
determined schedule to an unpopular resource on a popular, unaffiliated third-
party server. The "receiver" can request the same resource a few seconds
later, and can determine based on the cache-related HTTP headers returned
whether the page was generated recently or just now, with the current request.
This of course requires the server to expose information about server-side
caching via the headers; the example given is that the Expires header may be
used to infer the original generation time.

~~~
cperciva
A much better attack is the timing channel: A page which accesses resources
from disk will be faster if someone else has accessed it recently. I don't
know why they missed that...

------
bootload
_" Cachetalk requires Python 2.7.x to run."_

The above quote stood out in light of: _" Python 2.7 Retirement Countdown"_ ~
[https://news.ycombinator.com/item?id=11793857](https://news.ycombinator.com/item?id=11793857)

~~~
Bromskloss
We should fix it for them.

