Manuel Sousa

> > Possibly, but why not just contribute to Matrix / Riot instead at that point? > > You're probably right there. I didn't consider that because I never used...

**Marginwidth** / **marginheight** https://research.securitum.com/marginwidth-marginheight-the-unexpected-cross-origin-communication-channel/ The author states in the end: > Also I think that marginwidth specifically has some potential for XS-Leaks but I couldn’t find a viable scenario.

[XS-Leaks Wiki Experiments](https://xsleaks.com/docs/attacks/experiments/) Even though some of the Wiki XS-Leaks are still experiments, some of them will eventually land. Every described topic could be a nice starting point to find...

CTF Challenges: - [Frame Counting](https://ctftime.org/task/8659) FBCTF 2019 - [AVOracle](https://ctftime.org/task/9133) TokyoWesterns 2019 - [Error Events](https://ctftime.org/task/9659) Backdoor CTF 2019 ....

Hey! The original Connection Pool Exhaustion [report](https://bugs.chromium.org/p/chromium/issues/detail?id=843157) contains a POC: [https://bugs.chromium.org/p/chromium/issues/attachmentText?aid=339460](https://bugs.chromium.org/p/chromium/issues/attachmentText?aid=339460) I used it multiple times in the past and it worked very well with few modifications but I am...

> @manuelvsousa the report uses yahoo mail may also work for other services allowing XS-Search seems bad. > From what I understand about it you can do timing attacks even...

Yeah, you are correct as it's in theory possible, but as we learned in the past years it's a difficult task to have clear deterministic protections against XS-Leaks, which means...