Header aches in Firefox, Tor, Brave and Chrome as HTTP opens new security holes

Alternative Services spec bungled by browser makers The HTTP Alternative Services header can be abused to conduct network reconnaissance and attacks, to bypass malware protection services, and to foil tracking defenses and privacy assumptions, according to a paper scheduled to be presented at the WOOT ’19 security conference on Tuesday.…… read more →