funsec mailing list archives
Bad idea. Bad.
From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rMslade () shaw ca>
Date: Wed, 22 Feb 2006 14:04:13 -0800
Sorry, but if I've learned anything in almost 20 years of malware research, it's that active content can lead to trouble. (And JavaScript is definitely *not* my language of choice for security purposes.) February 21, Channel Register (UK) Active cookies aim to thwart cyber crooks. A new technique to protect users against more sophisticated forms of cybercrime has been developed by Indiana University School of Informatics and affiliated start-up RavenWhite. The "active cookie" can be used as a countermeasure against online scams such as pharming and man-in-the-middle attacks. "There are no reliable commercial tools currently available to protect users from such attacks," said Jakobsson of the IU Center for Applied Cybersecurity Research. "We believe that active cookies can provide such protection." Active cookies are a "piece of cached and sandboxed executable code, such as a JavaScript object, that help authenticate an Internet browser to a server," say the researchers. The technology is a shield against identity theft and cyber attacks that can protect against pharming attacks as well as techniques used to hijack Wi-Fi connections or modify consumer router settings. Limitations include limited persistence and a lack of support for roaming users. "And they don't offer security against strong attacks like active corruption of routers on the client-server path, as holistic cryptographic solutions can." Active cookies may be attractive to financial institutions -- they complement existing techniques for user authentication, are easy to use, and don't have the potential security implications associated with browser plug ins. Source: http://www.channelregister.co.uk/2006/02/21/active_cookie/ ====================== rslade () computercrime org slade () victoria tc ca rslade () sun soci niu edu It is the test of a good religion whether you can joke about it. - G. K. Chesterton Where does the idea come from that if what we are doing is fun, it can't be God's will? The God who made giraffes has a sense of humor. Make no mistake about that. - Catherine Marshall _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Bad idea. Bad. Rob, grandpa of Ryan, Trevor, Devon & Hannah (Feb 22)
- Re: Bad idea. Bad. Valdis . Kletnieks (Feb 22)
- <Possible follow-ups>
- Re: Bad idea. Bad. Fergie (Feb 22)