c s get http example com s c page including a login form
play

C -> S: GET http://www.example.com/ S -> C: page, including a - PowerPoint PPT Presentation

May 10, 2023 •492 likes •686 views

C -> S: GET http://www.example.com/ S -> C: page, including a login form C -> S: GET http://www.example.com/login? u=USER&p=PASSWD [server marks this session as authenticated] S -> C: Set-Cookie: sessionid= NONCE (Cookie is an

  1. C -> S: GET http://www.example.com/ S -> C: page, including a login form C -> S: GET http://www.example.com/login? u=USER&p=PASSWD [server marks this session as authenticated] S -> C: Set-Cookie: sessionid= NONCE (Cookie is an "authenticator" for session) C -> S: GET http://www.example.com/somepage Cookie: sessionid= NONCE

  2. <img src="http://bank.example/withdraw? account=bob&amount=1000000&for=mallory">

  3. Challenges • MITM – Network – Proxy/relay • “Transaction generators” / malware – Parasitic on communication • Mobility – Multiple devices • Impatient/Untrainable Users

  9. Thinking about Passwords • Big Web Service Provider perspective: – “ If you are using passwords for your services, you are screwed.” • Desired properties: – Easy to produce – Portability (use from different machines) – Scalability (can have lots of accounts) • Tension with threats?

  13. "gee I hope 2 elephants don't step on me"

  14. "gIh2ed'tsom"

  15. (1) Get victim's email & home (billing) address (2) Call Amazon, say you're the victim & want to � add a credit card # (2') Add bogus card (3) Call Amazon: "I've lost access to my email account" Provide name, billing addr, new credit card # (3') Add new email account (4) Go to Amazon web site, send password reset to new acct (5) This reveals last four digits of account CCs (6) Go to Apple. Provide billing addr & last 4 digits ... (6') ... receive temporary iCloud password (7) Go to N services, do password resets emailed to acct (8) PROFIT

  16. Effective Warnings • Interrupt primary task • Provide clear choices • Fail safely (if user ignores / navigates away) • Prevent habituation • Alter site presentation (look & feel) if iffy

  19. http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-817.pdf

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Administrative Issues Login into learn.usc.edu and make sure Login into learn usc edu and make

Administrative Issues Login into learn.usc.edu and make sure Login into learn usc edu and make

Administrative Issues Login into learn.usc.edu and make sure Login into learn usc edu and make sure that CSCI561a is listed as one of your courses. Web page: Web page: http://www-scf.usc.edu/~ csci561b/ http://den.usc.edu

484 views • 22 slides
Login Page The page shows all rounds and their status (open,closed etc) People can Login or

Login Page The page shows all rounds and their status (open,closed etc) People can Login or

Login Page The page shows all rounds and their status (open,closed etc) People can Login or Create an Account from this page Create An Account This is the first year that we have address verification. Applicants can put in their House

504 views • 27 slides
HTTP POST HTML Forms Write HTML to setup a form When a user submits the form it will send

HTTP POST HTML Forms Write HTML to setup a form When a user submits the form it will send

HTTP POST HTML Forms Write HTML to setup a form When a user submits the form it will send a request to your server Respond with an HTML page Submitting a form will reload the page &lt; form action=&quot;/form-path&quot;

739 views • 18 slides
General WHealth HSA Management App Visual Compositions 1 Login Page Landing Page HSA Balance

General WHealth HSA Management App Visual Compositions 1 Login Page Landing Page HSA Balance

General WHealth HSA Management App Visual Compositions 1 Login Page Landing Page HSA Balance Summary Page HSA Reports Page HSA Budget Tool: Contribution and Estimated Growth HSA Budget Tool: Contribution Editing Page Safe Wallet Tool

317 views • 27 slides
The Best Kept Secrets of WFM Sponsored by The Classic Schedule Problem Login to our Chat Page

The Best Kept Secrets of WFM Sponsored by The Classic Schedule Problem Login to our Chat Page

WEBINAR The Best Kept Secrets of WFM Sponsored by The Classic Schedule Problem Login to our Chat Page cch.chat Login to our Chat Page cch.chat Sponsored by Where Possible use 15 Minute Reporting Intervals Beware of Overhang AHT

489 views • 11 slides
Login to your Student Web Portal New Student Orientation 2016 Login Welcome Screen Go to

Login to your Student Web Portal New Student Orientation 2016 Login Welcome Screen Go to

Login to your Student Web Portal New Student Orientation 2016 Login Welcome Screen Go to http://fbu.empower-xl.com/ To login : Username: (Your Student ID) Default Password: (First 2 letters of your last name + Last 4 numbers of

640 views • 9 slides
Go to www.gotsoccer.com and click on User Login Click on Teams &amp; Team Officials Login Enter

Go to www.gotsoccer.com and click on User Login Click on Teams &amp; Team Officials Login Enter

Go to www.gotsoccer.com and click on User Login Click on Teams &amp; Team Officials Login Enter your team Login Username and Password and click Login Click on Team profile Click on Documents tab to see FYSA Rosters. On this page you can also

391 views • 10 slides
How do I access the pre-prints and presentations? Dont know your login? This will allow

How do I access the pre-prints and presentations? Dont know your login? This will allow

How do I access the pre-prints and presentations? Dont know your login? This will allow you to get your username and password Once youve accessed that information, go to the AAPT home page to log in! Know your login? Once

76 views • 7 slides
Capricorn Portal Tutorial Capricorn Login Page , User id will be you registered EmailID and

Capricorn Portal Tutorial Capricorn Login Page , User id will be you registered EmailID and

Capricorn Portal Tutorial Capricorn Login Page , User id will be you registered EmailID and Password will be provided and you can change it by clicking forgot password, you will receive OTP in Email for Password Reset. After login Dashboard

536 views • 12 slides
Social Login for SAS Visual Analytics Michael Dixon Please Come In! Social Login for SAS Visual

Social Login for SAS Visual Analytics Michael Dixon Please Come In! Social Login for SAS Visual

Social Login for SAS Visual Analytics Michael Dixon Please Come In! Social Login for SAS Visual Analytics Paper availa ilable at http:/ ://bit.l .ly/socia ialsas What is Social Login? From Wikipedia: So Socia ial lo login in, also

276 views • 12 slides
General LTL Specification Mining Caroline Lemieux , Dennis Park and Ivan Beschastnikh University

General LTL Specification Mining Caroline Lemieux , Dennis Park and Ivan Beschastnikh University

login attempt auth failed login attempt guest login login attempt authorized Texada auth failed login attempt G( x XF y ) login attempt G( guest login XF authorized ) guest login authorized auth failed login attempt Authorized

1.11k views • 59 slides
login Who is login? We make sure that the transport sector has the junior staff it needs for the

login Who is login? We make sure that the transport sector has the junior staff it needs for the

login Who is login? We make sure that the transport sector has the junior staff it needs for the future. 2 Overview Who is login? What fields do we work in? How do we manage our vocational education process ? What types of

422 views • 14 slides
May login with student login or parents login to register Firefox and Internet Explorer

May login with student login or parents login to register Firefox and Internet Explorer

May login with student login or parents login to register Firefox and Internet Explorer are recommended internet browsers for registration Google Chrome will not work for registration Go to Westlake High Schools Home, click

581 views • 17 slides
UC SAN DIEGO CREDIT CARD PAYMENT TUTORIAL From tritonlink.ucsd.edu home page, login to

UC SAN DIEGO CREDIT CARD PAYMENT TUTORIAL From tritonlink.ucsd.edu home page, login to

UC SAN DIEGO CREDIT CARD PAYMENT TUTORIAL From tritonlink.ucsd.edu home page, login to MyTritonLink Enter User ID/PID and password (students only). Click on balance amount or account details to go to the BILLING &amp; PAYMENT menu.

188 views • 18 slides
Club Runner behind the D9500 website &amp; accessed by login. Login &amp; password automatically

Club Runner behind the D9500 website &amp; accessed by login. Login &amp; password automatically

Club Runner behind the D9500 website &amp; accessed by login. Login &amp; password automatically created when added to database TITLE | 1 Looking for a Logo TITLE | 2 District website - http://rotary9500.org/ (Club Runner) Your Local

827 views • 26 slides
Minutes for IAI [Major] Engineering Panel October 22, 2015 10:00 am ICCB Office, Springfield IL

Minutes for IAI [Major] Engineering Panel October 22, 2015 10:00 am ICCB Office, Springfield IL

Developing a Pathway 1) Curricular maintenance of the ASE and IAI involvement http://www.itransfer.org/faculty.aspx (see minutes below) https://www.transferology.com/login.htm?btn=login&amp;msg=expired When the transfer process breaks

305 views • 5 slides
Internet Science-Creating Better browser warnings Sepideh Mesbah Advisor: Dr. Heiko Niedermayer

Internet Science-Creating Better browser warnings Sepideh Mesbah Advisor: Dr. Heiko Niedermayer

Lehrstuhl Netzarchitekturen und Netzdienste Institut fr Informatik Technische Universitt Mnchen Internet Science-Creating Better browser warnings Sepideh Mesbah Advisor: Dr. Heiko Niedermayer Seminar Future Internet WS1415 Agenda

502 views • 18 slides
4. What Is Modularity? butterfillS@ceu.hu butterfillS@ceu.hu Outline Why we need a notion of

4. What Is Modularity? butterfillS@ceu.hu butterfillS@ceu.hu Outline Why we need a notion of

4. What Is Modularity? butterfillS@ceu.hu butterfillS@ceu.hu Outline Why we need a notion of modularity (0) There is a problemcurrent accounts of modularity are inadequate (1). I have a solution (2). This solution implies a

1.05k views • 89 slides
CS449/649: Human-Computer Interaction Winter 2018 Lecture VI Anastasia Kuzminykh Translating

CS449/649: Human-Computer Interaction Winter 2018 Lecture VI Anastasia Kuzminykh Translating

CS449/649: Human-Computer Interaction Winter 2018 Lecture VI Anastasia Kuzminykh Translating Needs Into Functionalities Make data Identify right time Turn problems actionable and place into tasks Adjust personas Thinking Physical model

426 views • 30 slides
World Habitat Day 2020 5 October 2020 Executive Secretary Opening Statement Global Observance of

World Habitat Day 2020 5 October 2020 Executive Secretary Opening Statement Global Observance of

World Habitat Day 2020 5 October 2020 Executive Secretary Opening Statement Global Observance of World Habitat Day Surabaya, Indonesia His Excellency, Mr. Joko Widodo, President of the Republic of Indonesia, His Excellency Mochamad Basuki

334 views • 8 slides

trt t t rs r ss

963 views • 72 slides
Reducing Average Handling Times in your Contact Centre What is Average Handle Time? Average

Reducing Average Handling Times in your Contact Centre What is Average Handle Time? Average

Reducing Average Handling Times in your Contact Centre What is Average Handle Time? Average Handling Time (AHT) in essence, tells you how much time an advisor spends working on a task and when they are unable to deal with a new work item.

320 views • 10 slides
Handling time-critical service applications with EGI e-Infrastructure Joao Pina, EGI Foundation

Handling time-critical service applications with EGI e-Infrastructure Joao Pina, EGI Foundation

Handling time-critical service applications with EGI e-Infrastructure Joao Pina, EGI Foundation Portuguese NGI representative INCD / LIP www.egi.eu This work by EGI.eu is licensed under a Creative Commons Attribution 4.0 International

618 views • 26 slides
Warehousing Warehousing are the activities involved in the design and operation of warehouses

Warehousing Warehousing are the activities involved in the design and operation of warehouses

Warehousing Warehousing are the activities involved in the design and operation of warehouses A warehouse is the point in the supply chain where raw materials, work-in-process (WIP), or finished goods are stored for varying lengths of

459 views • 29 slides

More recommend