CSCI6268L34 - Foundations of Network and Computer Security...

Foundations of Network and Computer Security
John Black
Lecture #34, Dec 4th 2009
CSCI 6268/TLEN 5550, Fall 2009

XSS Attacks
- XSS: Cross Server Scripting
  » Not CSS (Cascading Style Sheets)
- Idea: you open a website, passing a value, and the site echoes back that value
  » What if that value has a script embedded?!
- Example: 404 Not Found
  » Suppose you see a link (in email, on IRC, on the web) saying, "Click here to search Google"
  » The link really does go to google, so what the heck...
  » However the link is www.google.com/badurl%0a%5C...
    » Above contains an embedded, hidden script
  » Google says, "badurl%0a%5C..." not found
  » Just displaying this to you executes the script

XSS Vulnerabilities
- They've been found all over the web
- Fairly new problem (compared to buffer overruns)
- Lots of examples still exist in the wild
- Very tricky to find them all
- Solution is to filter, of course
  » Need to filter inputs from users that the server will be echoing back to the user

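The echo-and-filter point of the two XSS slides, as an added Python example that is not from the lecture: a 404 handler that reflects the requested path unescaped next to one that applies output encoding, plus a detection check that flags percent-decoded tag characters in access-log lines. The probe path and the log lines are constructed for this example; the real payload behind the slide's "badurl%0a%5C..." link is not on the page.

```python
import html
import re
from urllib.parse import unquote

# Constructed request path modelled on the slide's google.com/badurl%0a%5C...
# example; the embedded tag is a harmless probe, not the original payload.
PROBE_PATH = "/badurl%0a%5C%3Cscript%3Ealert(1)%3C%2Fscript%3E"


def render_404_unsafe(raw_path: str) -> str:
    """The pattern the slides describe: the decoded request path is pasted
    straight into the HTML body, so any markup in it is live in the browser."""
    return f"<html><body><p>{unquote(raw_path)} not found</p></body></html>"


def render_404_safe(raw_path: str) -> str:
    """Same page with output encoding applied to the echoed value: '<', '>',
    '&' and quotes become entities, so the browser shows the text literally."""
    shown = html.escape(unquote(raw_path), quote=True)
    return f"<html><body><p>{shown} not found</p></body></html>"


# Constructed access-log lines (Common Log Format) for the detection check.
ACCESS_LOG = """\
10.0.0.5 - - [04/Dec/2009:10:00:01 -0700] "GET /search?q=lecture HTTP/1.1" 200 512
10.0.0.9 - - [04/Dec/2009:10:00:07 -0700] "GET /badurl%0a%5C%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 404 221
10.0.0.5 - - [04/Dec/2009:10:00:09 -0700] "GET /images/logo.png HTTP/1.1" 200 4096
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')


def reflected_xss_probes(log_text: str) -> list:
    """Return the decoded paths of requests whose path contains HTML tag
    characters after percent-decoding. These are exactly the requests an
    unescaped 404 page would echo back as markup, so they are worth alerting on."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        decoded = unquote(m.group(1))
        if "<" in decoded or ">" in decoded:
            hits.append(decoded)
    return hits
```

Escaping at the output point, as in render_404_safe, is what the slide's "filter" amounts to in practice; blocking on the input side alone misses encodings the decoder later turns back into tags.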
Phishing Revisited

Dear Amazon User,

During our regular update and verification of the accounts, we could not verify your current information. Either your information has changed or it is incomplete. As a result, your access to buy on Amazon has been restricted. To continue using your Amazon account again, please update and verify your information by clicking the link below:

http://www.amazon.com@service02.com/exec/obidos/subst/home/?

Thank you very much for your cooperation!

Amazon Customer Support

Please note: This e-mail message was sent from a notification-only address that cannot accept incoming e-mail. Please do not reply to this message.

Amazon.com Earth's Biggest Selection

Where does the info go?
- service02.com maps to IP 66.218.79.155

% whois 66.218.79.155
OrgName:    Yahoo!
OrgID:      YAOO
Address:    701 First Avenue
City:       Sunnyvale
StateProv:  CA
NetRange:   66.218.64.0 - 66.218.95.255

Defenses Against Phishing
- Spoofguard
  » Product out of Stanford
  » Doesn't work for me (ugh!)
  » Detects various suspicious behaviors and flags them
  » Red light, green light depending on threshold
- There are others as well
- Bottom line: Don't believe emails from "legitimate companies"
  » This is frustrating for companies!

Wireless Security
- Why is wireless security essentially different from wired security?
  » Almost impossible to achieve physical