It was a very productive conference, all told. The sort of conference where new attacks materialise over breakfast conversations. In terms of new and pending material, I'll do separate posts regarding:
- My latest E4X cross-domain theft attack (building on the work of my colleagues Filipe and Michal)
- A new "divided login" attack (Billy and I having fun over breakfast)
- JDK GIFAR fix considered incomplete
- A new cross-browser cross-domain theft
I'm going to be thinking about contributing more to the building side.