A new Facebook engineering blog post highlights how the company is trying to counter the threat of Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext (BREACH) attacks, which security researchers warned about last August.
BREACH attacks can be linked to the security measures an organization might use when dealing with cross-site request forgery (CSRF) attacks, which target websites that have user accounts, according to Chad Parry, a member of Facebook’s security and infrastructure team based in London.
In the case of a CSRF attack, an attacker can impersonate a user and trick the user’s browser into either sending spam or stealing information in the form of web requests to whatever website the user might have an account with, Parry wrote.
While companies like Facebook could use a CSRF token as a marker that indicates whether the user is real or a hacked account, to prevent an attack, the…