securing the web browser
play

Securing The Web Browser Keeping the Phish in the Sea What is Wrong - PowerPoint PPT Presentation

Oct 15, 2022 •709 likes •933 views

Securing The Web Browser Keeping the Phish in the Sea What is Wrong With This? Where to Begin? Security indicator only in the content region Notice that it is used for personal data that should be secure No access to the location or

  1. Securing The Web Browser Keeping the Phish in the Sea

  2. What is Wrong With This?

  3. Where to Begin? ● Security indicator only in the content region ● Notice that it is used for personal data that should be secure ● No access to the location or identity indicators ● Site was able to remove all chrome ● This looks like a phishing site! ● Can phishing really be that easy? YES!

  4. What is Wrong With This?

  5. Nothing!!

  6. Konqueror

  7. Firefox Chrome

  8. Internet Explorer Chrome

  9. The Browser Today

  10. Flaws in Browsers ● Sites have too much control over chrome ● Can spoof system windows ● Chrome is inconsistent across platforms ● Inconsistent user experience – think phones, kiosks, PCs ● Users trust content as much as chrome ● Identity and encryption concepts are mixed, indicated only with a boolean (the padlock )

  11. ... and more flaws ● Certificate issuance is a black-box, inconsistent ● What does it even mean? My data is encrypted? I'm talking specifically to my bank? Will my bank handle my data properly? ● International domain names can confuse users ● For that matter, even simple .COM ones do! ● Keystrokes can be stolen with XmlHttpRequest, iframes ● Scripting and active content are far too powerful ● Very vulnerable to click-through syndrome

  12. You Don't Believe It?

  13. Some Phishers Go To Great Lengths!

  14. Why Are These Hard to Solve? ● In many cases, fixing these breaks the Internet™ ● Users won't upgrade, we end up worse off ● Browsers need to do this together, or we need incentives ● There are too many sites that rely on misfeatures ● The concept of identity is not well understood or defined ● Business models are involved

  15. This is Not A Solution!

  16. Users use Web Browsers ● The web browser needs to be easy to use, safe, and powerful ● We need to provide solid, comprehensible chrome and rich content support ● Usability is key: users need to be able to understand the software on first use, but it must be optimally efficient to use years later ● Our current paradigms are failing

  17. User Interface – Good or Bad?

  18. Current Initiatives ● KDE: KWallet ● Microsoft: InfoCard ● CA-Browser forum: High Assurance ● Informal: UI, SSL synchronization between browser developers ● W3C: public-usable-authentication ● Anti-phishing plugins

  19. High Assurance ● 110 certificate authority roots in KDE today ● No standards! ● High Assurance will finally begin to set standards for CAs

  20. Spoof Proof Browser ● Status bar, location bar become permanent ● JavaScript popups become more easily distinguished from system popups ● Personalization features (petnames?) ● More robust SSL

  21. George Staikos <staikos@kde.org> TIPPI June 19, 2006

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Securing distributed systems with information flow control Nickolai Zeldovich Silas

Securing distributed systems with information flow control Nickolai Zeldovich Silas

Securing distributed systems with information flow control Nickolai Zeldovich Silas Boyd-Wickizer David Mazires Traditional web applications: lots of trusted (yellow) code HTTP User's Application User's browser front Database User's

1.16k views • 66 slides
IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT

IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT

IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT is a system of systems, with A great deal of heterogeneity (sensing, computation, communication, energy) New types of devices appearing all

1.35k views • 65 slides
Building&amp;Hacking modern iOS apps Wojciech Regua @_r3ggi wojciech.regula@securing.pl

Building&amp;Hacking modern iOS apps Wojciech Regua @_r3ggi wojciech.regula@securing.pl

www.securing.pl Building&amp;Hacking modern iOS apps Wojciech Regua @_r3ggi wojciech.regula@securing.pl @_r3ggi wojciech.regula@securing.pl www.securing.pl www.securing.pl WHOAMI -Senior IT Security Consultant @ SecuRing -Focused on

998 views • 67 slides
Browser and Network request Browser website CS 4803 reply Network OS Computer and Network

Browser and Network request Browser website CS 4803 reply Network OS Computer and Network

Browser and Network request Browser website CS 4803 reply Network OS Computer and Network Security Hardware Alexandra (Sasha) Boldyreva Browser sends requests May reveal private information (in forms, cookies) Web security.

517 views • 7 slides
RequireJS Javascript Modules for the Browser By Ben Keith Quoin, Inc. Traditional Browser JS

RequireJS Javascript Modules for the Browser By Ben Keith Quoin, Inc. Traditional Browser JS

RequireJS Javascript Modules for the Browser By Ben Keith Quoin, Inc. Traditional Browser JS One global namespace Often inline JS code embedded directly in HTML Many &lt;script&gt; tags with hidden ordering dependencies Very

362 views • 15 slides
Circumventing Internet censorship with Tor Philipp Winter The Tor Project What Tor Browser does

Circumventing Internet censorship with Tor Philipp Winter The Tor Project What Tor Browser does

Circumventing Internet censorship with Tor Philipp Winter The Tor Project What Tor Browser does Standard Tor is easy to block GetTor helps you get Tor Browser GetTor helps you get Tor Browser Tor Browser ships with default

567 views • 24 slides
SANS Securing The Human Training Department of Safety Securing the Human Training Web

SANS Securing The Human Training Department of Safety Securing the Human Training Web

SANS Securing The Human Training Department of Safety Securing the Human Training Web based Centrally Administrated Divisionally managed Consistent content Central reporting Ability to add custom content (Policy's)

761 views • 10 slides
Securing and Protecting Securing and Protecting Water Rights and Uses in Water Rights and Uses

Securing and Protecting Securing and Protecting Water Rights and Uses in Water Rights and Uses

Securing and Protecting Securing and Protecting Water Rights and Uses in Water Rights and Uses in Arizona Arizona L. William Staudenmaier One Arizona Center 400 East Van Buren Street, Suite 1900 Phoenix, Arizona 85004 2202 602.382.6000 |

574 views • 32 slides
Securing a future for our horses. Securing a future for our sport. TABLE OF CONTENTS

Securing a future for our horses. Securing a future for our sport. TABLE OF CONTENTS

Securing a future for our horses. Securing a future for our sport. TABLE OF CONTENTS Industry-United Initiative ............................................ 2 The TAA Difference .................................................... 3 Life After

466 views • 19 slides
THE BROWSER IS DEAD Dan North Dan North &amp; Associates LONG LIVE THE BROWSER! Dan North

THE BROWSER IS DEAD Dan North Dan North &amp; Associates LONG LIVE THE BROWSER! Dan North

THE BROWSER IS DEAD Dan North Dan North &amp; Associates LONG LIVE THE BROWSER! Dan North Dan North &amp; Associates The gangs 1990: Tim Berners-Lee - (WorldWideWeb) 1993: NCSA Mosaic 1994: Netscape - Navigator 1995: Microsoft -

971 views • 21 slides
CS371m - Mobile Computing WebView and Web Services Using Built In Browser App To use the

CS371m - Mobile Computing WebView and Web Services Using Built In Browser App To use the

CS371m - Mobile Computing WebView and Web Services Using Built In Browser App To use the built in browser create an Intent and start the Activity 2 WebView A View that display web pages basis for creating your own web browser OR

1.28k views • 54 slides
Securing Internet Routing Securing Internet Routing $ Local ISP Sharon Goldberg g Princeton

Securing Internet Routing Securing Internet Routing $ Local ISP Sharon Goldberg g Princeton

Jobtalk Securing Internet Routing Securing Internet Routing $ Local ISP Sharon Goldberg g Princeton University Based on work with: Based on work with: Boaz Barak, Shai Halevi, Aaron Jaggard, Vijay Ramachandran, Jennifer Rexford, Eran

1.12k views • 42 slides
Securing home Wi-Fi with WPA3 personal Raoul Dijksman and Erik Lamers Securing home Wi-Fi with

Securing home Wi-Fi with WPA3 personal Raoul Dijksman and Erik Lamers Securing home Wi-Fi with

Securing home Wi-Fi with WPA3 personal Raoul Dijksman and Erik Lamers Securing home Wi-Fi with WPA3 personal Making Wi-Fi great again With security this time, right? Securing home Wi-Fi with WPA3 personal - July 3 rd 2020 2 Why is WPA3

853 views • 28 slides
Web Security Thierry Sans Securing the web architecture means securing ... The network

Web Security Thierry Sans Securing the web architecture means securing ... The network

Web Security Thierry Sans Securing the web architecture means securing ... The network The operating system The web server ( Apache for instance) The administration server ( SSH for instance) The database ( Oracle for instance)

1.37k views • 61 slides
SECURING DONATIONS SECURING DONATIONS nonprofit.212mediastudios.com | 574.269.0720 |

SECURING DONATIONS SECURING DONATIONS nonprofit.212mediastudios.com | 574.269.0720 |

NON-PROFIT PRESENTATION TIPS FOR NON-PROFIT PRESENTATION TIPS FOR SECURING DONATIONS SECURING DONATIONS nonprofit.212mediastudios.com | 574.269.0720 | info@212mediastudios.com Having an efgective communication strategy is the fjrst step for your

116 views • 9 slides
Getting Acquainted W ith Zoom Outline Securing Your Computer Your Invitation The

Getting Acquainted W ith Zoom Outline Securing Your Computer Your Invitation The

Getting Acquainted W ith Zoom Outline Securing Your Computer Your Invitation The Waiting Room Working with Audio Working with Video Using the Tool Tray Chat In the Meeting When Things Go Wrong 2 Securing Your

325 views • 14 slides
Lesson 1.6: Finding text on a web page Suppose you want to find your time in the local 8K

Lesson 1.6: Finding text on a web page Suppose you want to find your time in the local 8K

Lesson 1.6: Finding text on a web page Suppose you want to find your time in the local 8K race Its easy to find the page but then what? How do you find a word on the page? Control-F aka CMD-F aka Edit&gt;Find CMD-F Find works

362 views • 9 slides
WEBRTC API in Chrome Implementation experience Harald Alvestrand Our goal Make the web

WEBRTC API in Chrome Implementation experience Harald Alvestrand Our goal Make the web

WEBRTC API in Chrome Implementation experience Harald Alvestrand Our goal Make the web browser the best RTC platform To achieve this: Provide a fully functional, production quality implementation of the WEBRTC API and RTCWEB protocol

387 views • 7 slides
Introduction Presenter: Jienan Liu Network, Intelligence &amp; security Lab What is Chrome

Introduction Presenter: Jienan Liu Network, Intelligence &amp; security Lab What is Chrome

Chrome Extension Introduction Presenter: Jienan Liu Network, Intelligence &amp; security Lab What is Chrome Extension Extension Small software programs that can modify and enhance the functionality of the Chrome browser. Written

576 views • 18 slides
All Units...Pick up your Charter Renewal Packet &amp; Schedule your Charter Turn-in (about 15

All Units...Pick up your Charter Renewal Packet &amp; Schedule your Charter Turn-in (about 15

All Units...Pick up your Charter Renewal Packet &amp; Schedule your Charter Turn-in (about 15 minutes) The Dates are: 27 January, Wed. 7 to 9 pm at the Scout office 13 February, Tues. 9 am to 1 pm at Salem Church in Eastover 20

217 views • 19 slides
TKPERM: Cross-platform Permission Knowledge Transfer to Detect Overprivileged Third-party

TKPERM: Cross-platform Permission Knowledge Transfer to Detect Overprivileged Third-party

TKPERM: Cross-platform Permission Knowledge Transfer to Detect Overprivileged Third-party Applications Faysal Hossain Shezan and Kaiming Cheng (University of Virginia); Zhen Zhang and Yinzhi Cao (Johns Hopkins University); Yuan Tian (University

598 views • 24 slides
Awesome Chrome Extensions Checker PLUS Gmail/Calendar Vimium The Hacker's Browser. Vimium

Awesome Chrome Extensions Checker PLUS Gmail/Calendar Vimium The Hacker's Browser. Vimium

Awesome Chrome Extensions Checker PLUS Gmail/Calendar Vimium The Hacker's Browser. Vimium provides keyboard shortcuts for navigation and control in the spirit of Vim. Context Menus WhatFont ColorZilla LastPass Dark

383 views • 15 slides
WebRTC 1. Sampling Measures samples a. 2. Structural Measures time a. aka, instrumenting /

WebRTC 1. Sampling Measures samples a. 2. Structural Measures time a. aka, instrumenting /

Structural and Sampling JavaScript Profiling in Google Chrome WebRTC 1. Sampling Measures samples a. 2. Structural Measures time a. aka, instrumenting / markers / inline b. Sampling CPU Profilers At a fixed frequency: Instantaneously pause

856 views • 32 slides
J2V8 A Highly Efficient JS Runtime For Java R. Ian Bull EclipseSource @irbull My Mission We are

J2V8 A Highly Efficient JS Runtime For Java R. Ian Bull EclipseSource @irbull My Mission We are

J2V8 A Highly Efficient JS Runtime For Java R. Ian Bull EclipseSource @irbull My Mission We are building a native widget toolkit Jochen (My Boss): for Android / iOS based on Javascript. Cool! Me: Our implementation with native widgets

642 views • 25 slides

More recommend