Lecture 4 - University of Colorado Boulder
Foundations of Network and Computer Security
John Black, CSCI 6268/TLEN 5550, Spring 2013

Session-Based Attacks
- HTTP is connectionless
- But many/most apps want to maintain state
- Using IP addresses is an imperfect solution. Why?
- Cookies were invented to solve exactly this problem

Using Cookies for Session Management
- The server wants to maintain information about the current client
- Encode state into an alphanumeric string
- Use Set-cookie=string and send to browser
- Optionally set expires, domain, path, secure, httponly values as well
- Now each time the browser wishes to connect to a given domain and path, it checks its cookie store and transmits all matching cookies

Using Cookies for Session Management
- They are essentially a temporary password
- Difficult to guess, not short enough to brute-force, unique
- These are often violated by using insufficient randomness, being too short, using counters, etc.
- Many apps that lock out password attempts fail to guard against brute-force attacks on session IDs
- So short session IDs are very vulnerable
- Demo stateful.php on moxie

Bad Random Number Generators
- Netscape Session Keys, 1996

    RNG_CreateContext()
        (seconds, microseconds) = time of day;   /* time since Jan 1, 1970 */
        pid = process ID;
        ppid = parent process ID;
        a = mklcpr(microseconds);
        b = mklcpr(pid + seconds + (ppid << 12));
        seed = MD5(a, b);

    mklcpr(x)   /* not cryptographically significant */
        return ((0xDEECE66D * x + 0x2BBB62DC) >> 1);

Cross-Site Scripting (XSS)
- XSS is a very common vulnerability
- Would be vulnerability of the decade except SQL injections are often far more serious
- XSS is used for a client to attack another client, not to attack a server
- An XSS vulnerability is as simple as echoing back user input without sanitizing
- Ex: You submit XYZ!!(2 to a search engine and it replies with "XYZ!!(2 no results found"

Security Context
- We define a security context to be the set of rules that govern how cookies are handled between domains
- Users might have several contexts active at the same time
- Ex: An unexpired session token with a bank sitting in another browser window (logout or browser death usually purges these tokens, but users will often neglect to do either)

XSS
- The idea of XSS is for an attacker to inject

- Visit stateful.php to establish a highly valuable session ID
- View xss.php behavior
- Look at ~drevil on moxie
- Note the warm innocent feel of the page
- View source on this page (note the encodings)
- Examine steal.php
- Click on the link on drevil's homepage
- Look in /tmp/stolen.txt

- Stored XSS is usually considered more serious
- No need to induce the user to establish a session and then visit drevil's site, which can be hard sometimes
- Note proper domain name
- SSL would be enabled, if this were an SSL site

Samy XSS worm
- Oct, 2005: myspace had an XSS vulnerability

- They used in every user-input vector and monitor for appearance of this string from the site
- If the string comes back unmodified, jackpot
- This is automatable
- Some XSS vulns will not be found by this technique, however, since
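As an added example (not part of the lecture slides), the Python below models the Netscape seeding from the "Bad Random Number Generators" slide and ties it to the brute-force point from the session-ID slide: once time of day to the second, pid and ppid are known, only the microsecond field is unknown, so the nominally 128-bit MD5 seed falls to a search of at most 10^6 candidates. The 32-bit wraparound in mklcpr and the little-endian layout of (a, b) fed to MD5 are assumptions, not taken from the original code; the contrasting generator uses Python's secrets module.

```python
import hashlib
import secrets
import struct

MASK32 = 0xFFFFFFFF


def mklcpr(x: int) -> int:
    """Mixing step from the slide; 32-bit unsigned wraparound is assumed."""
    return ((0xDEECE66D * x + 0x2BBB62DC) & MASK32) >> 1


def netscape_seed(seconds: int, microseconds: int, pid: int, ppid: int) -> bytes:
    """Model of RNG_CreateContext(): seed = MD5(a, b).

    How a and b were laid out as MD5 input is an assumption (two
    little-endian 32-bit words); the entropy argument does not depend on it.
    """
    a = mklcpr(microseconds)
    b = mklcpr((pid + seconds + (ppid << 12)) & MASK32)
    return hashlib.md5(struct.pack("<II", a, b)).digest()


def recover_seed(target: bytes, seconds: int, pid: int, ppid: int):
    """With seconds, pid and ppid known, search the only unknown input.

    Returns (microseconds, tries) or None. At most 10**6 candidates exist,
    i.e. fewer than 2**20 MD5 calls against a nominally 128-bit seed.
    """
    for usec in range(1_000_000):
        if netscape_seed(seconds, usec, pid, ppid) == target:
            return usec, usec + 1
    return None


def secure_session_id() -> str:
    """Session ID meeting the slide's requirements (hard to guess, too long
    to brute-force, unique): 32 bytes from the OS CSPRNG, URL-safe base64."""
    return secrets.token_urlsafe(32)


if __name__ == "__main__":
    # Constructed sample values: a 1996 timestamp and a typical pid/ppid pair.
    seconds, usec, pid, ppid = 820_454_400, 123_456, 1234, 1
    seed = netscape_seed(seconds, usec, pid, ppid)
    print("seed:", seed.hex())
    print("recovered (usec, tries):", recover_seed(seed, seconds, pid, ppid))
    print("secure id:", secure_session_id())
```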