Lecture 4 - University of Colorado Boulder
Foundations of Network and Computer Security
John Black
CSCI 6268/TLEN 5550, Spring 2013

Session-Based Attacks
HTTP is connectionless
But many/most apps want to maintain state
Using IP addresses is an imperfect solution. Why?
Cookies were invented to solve exactly this problem

Using Cookies for Session Management
The server wants to maintain information about the current client
Encode state into an alphanumeric string
Send it to the browser in a Set-Cookie header
Optionally set expires, domain, path, secure, httponly values as well
Now each time the browser wishes to connect to a given domain and path, it checks its cookie store and transmits all matching cookies

Using Cookies for Session Management (cont.)
Session IDs are essentially a temporary password
They must be difficult to guess, not short enough to brute-force, and unique
These requirements are often violated: insufficient randomness, too-short IDs, counters, etc.
Many apps that lock out password attempts fail to guard against brute-force attacks on session IDs
So short session IDs are very vulnerable
Demo: stateful.php on moxie

Bad Random Number Generators
Netscape Session Keys, 1996

    RNG_CreateContext()
        (seconds, microseconds) = time of day;   /* time since Jan 1, 1970 */
        pid = process ID;
        ppid = parent process ID;
        a = mklcpr(microseconds);
        b = mklcpr(pid + seconds + (ppid << 12));
        seed = MD5(a, b);

    mklcpr(x)   /* not cryptographically significant */
        return ((0xDEECE66D * x + 0x2BBB62DC) >> 1);

Cross-Site Scripting (XSS)
XSS is a very common vulnerability
Would be vulnerability of the decade except
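The two slides above make one point from two directions: a session ID is a temporary password, so what matters is how many bits an attacker has to search, and the Netscape seed shows what happens when those bits come from the clock and process IDs. The following is an added example for this lecture, not code from the slides or from Netscape; it reimplements the seed pseudocode in Python and puts it beside a counter-based ID, a CSPRNG-based ID and the Set-Cookie attributes the cookie slide lists. The unsigned 32-bit word size in mklcpr and the little-endian packing of (a, b) into the MD5 input are assumptions, since the pseudocode does not state them.

```python
"""Session IDs are temporary passwords: how many bits do they really carry?

Added example for the session-ID and Netscape-RNG slides; not code from the
lecture. Word size of mklcpr and the MD5 input packing are assumptions.
"""
import hashlib
import math
import secrets
import struct
from typing import Optional

MASK32 = 0xFFFFFFFF


def mklcpr(x: int) -> int:
    """Netscape's 1996 mixing step (not cryptographically significant),
    evaluated in unsigned 32-bit arithmetic (assumed word size)."""
    return ((0xDEECE66D * x + 0x2BBB62DC) & MASK32) >> 1


def netscape_seed(seconds: int, microseconds: int, pid: int, ppid: int) -> bytes:
    """RNG_CreateContext() from the slide: the seed depends only on the time
    of day and two process IDs, nothing the outside world cannot estimate."""
    a = mklcpr(microseconds)
    b = mklcpr((pid + seconds + (ppid << 12)) & MASK32)
    return hashlib.md5(struct.pack("<II", a, b)).digest()  # packing assumed


def netscape_seed_bits(pid_candidates: int, ppid_candidates: int,
                       usec_candidates: int = 1_000_000) -> float:
    """Upper bound on the seed's entropy once the wall-clock second is known:
    only microseconds, pid and ppid remain unknown, and mklcpr is
    deterministic so it adds nothing. Capped at 128 bits (MD5 output)."""
    return min(128.0, math.log2(usec_candidates * pid_candidates * ppid_candidates))


def counter_session_id(counter: int) -> str:
    """The anti-pattern from the slide: a short, predictable counter."""
    return f"{counter:06d}"


def strong_session_id() -> str:
    """What a session ID should look like: 256 bits from the OS CSPRNG."""
    return secrets.token_urlsafe(32)


def guess_space_bits(alphabet_size: int, length: int) -> float:
    """Bits an attacker must search for a uniformly random ID of this shape."""
    return length * math.log2(alphabet_size)


def expected_guesses_per_hit(id_bits: float, live_sessions: int) -> float:
    """Why password lockout does not protect session IDs: one guess is checked
    against every live session at once, so the work is 2^bits / sessions."""
    return 2.0 ** id_bits / live_sessions


def set_cookie_header(name: str, value: str, *, path: str = "/",
                      domain: Optional[str] = None, expires: Optional[str] = None,
                      secure: bool = True, httponly: bool = True) -> str:
    """Build the Set-Cookie line with the attributes the cookie slide lists.
    HttpOnly keeps the token away from page scripts; Secure keeps it off
    plaintext HTTP."""
    parts = [f"{name}={value}", f"Path={path}"]
    if domain:
        parts.append(f"Domain={domain}")
    if expires:
        parts.append(f"Expires={expires}")
    if secure:
        parts.append("Secure")
    if httponly:
        parts.append("HttpOnly")
    return "Set-Cookie: " + "; ".join(parts)


if __name__ == "__main__":
    print(f"6-digit counter ID: {guess_space_bits(10, 6):.1f} bits to search")
    print(f"Netscape seed, pid and ppid each 2^15 candidates: "
          f"{netscape_seed_bits(2 ** 15, 2 ** 15):.1f} bits at most")
    print("token_urlsafe(32): 256 bits of entropy, e.g.", strong_session_id())
    print(set_cookie_header("PHPSESSID", strong_session_id(), domain="example.com"))
```

The comparison is the lesson: a six-digit counter is under 20 bits, the Netscape seed tops out around 50 bits even when pid and ppid are treated as fully unknown, and a token from the OS CSPRNG is 256 bits. expected_guesses_per_hit shows why the slide's lockout remark matters: with 2^20 possible IDs and a thousand live sessions, roughly a thousand guesses land on somebody's session, and no per-account lockout ever fires.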
SQL injections are often far more serious
XSS is used by one client to attack another client, not to attack a server
An XSS vulnerability is as simple as echoing back user input without sanitizing it
Ex: You submit XYZ!!(2 to a search engine and it replies with "XYZ!!(2 no results found"

Security Context
We define a security context to be the set of rules that govern how cookies are handled between domains
Users might have several contexts active at the same time
Ex: An unexpired session token with a bank sitting in another browser window (logout or browser death usually purges these tokens, but users will often neglect to do either)

XSS
The idea of XSS is for an attacker to inject

Demo
Visit stateful.php to establish a highly valuable session ID
View xss.php behavior
Look at ~drevil on moxie
Note the warm innocent feel of the page
View source on this page (note the encodings)
Examine steal.php
Click on the link on drevil's homepage
Look in /tmp/stolen.txt

Stored XSS
Stored XSS is usually considered more serious
No need to induce the user to establish a session and then visit drevil's site, which can be hard sometimes
Note the proper domain name; SSL would be enabled, if this were an SSL site
Samy XSS worm
Oct 2005: MySpace had an XSS vulnerability
They used a test string in every user-input vector and monitored for the appearance of this string from the site
If the string comes back unmodified, jackpot
This is automatable
Some XSS vulns will not be found by this technique, however, since
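The search-engine echo from the XSS slide and the unmodified-string check from the Samy slide fit in one short piece of code, along with a case the string check does not catch. This is an added example, not code from the lecture: the two renderers are constructed stand-ins for xss.php, and the probe string is made up. It is written from the application side, as a regression test you run against your own handlers.

```python
"""Reflected XSS: the echo-back bug from the slide, its fix, and a case the
marker-string scan misses.

Added example, not from the lecture. render_search_* stand in for the
search engine on the slide; PROBE is a constructed test string.
"""
import html
from urllib.parse import urlsplit

PROBE = '<script>alert("xss")</script>'  # constructed probe string


def render_search_unsafe(query: str) -> str:
    """The vulnerability in one line: user input echoed into HTML unescaped."""
    return f"<p>{query} no results found</p>"


def render_search_safe(query: str) -> str:
    """Fix for element content: escape <, >, & and both quote characters."""
    return f"<p>{html.escape(query, quote=True)} no results found</p>"


def reflects_unmodified(response_body: str, probe: str) -> bool:
    """The check from the Samy slide, used here as a regression test on your
    own handlers: does the probe come back byte-for-byte?"""
    return probe in response_body


def render_link_escaped_only(url: str) -> str:
    """Escaping alone is not enough in a URL attribute: a javascript: URL
    contains no character html.escape touches, and no '<' for the probe
    check to find, yet the browser will run it on click."""
    return f'<a href="{html.escape(url, quote=True)}">profile</a>'


def safe_href(url: str) -> str:
    """Attribute context needs a scheme allow-list on top of escaping."""
    scheme = urlsplit(url).scheme.lower()
    if scheme not in ("", "http", "https"):
        return "#"
    return html.escape(url, quote=True)


def render_link_safe(url: str) -> str:
    return f'<a href="{safe_href(url)}">profile</a>'


if __name__ == "__main__":
    for body in (render_search_unsafe(PROBE), render_search_safe(PROBE)):
        print(reflects_unmodified(body, PROBE), body)
    print(render_link_escaped_only("javascript:alert(1)"))  # scan says clean, still XSS
    print(render_link_safe("javascript:alert(1)"))
```

The first two renderers are the slide's example: the unsafe one hands the probe back unchanged and the escaped one returns &lt;script&gt; instead. The link renderer is the caveat from the last bullet: escaping is context-specific, a URL attribute also needs a scheme check, and a scan that only looks for its own marker coming back verbatim reports nothing wrong with it.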