funsec mailing list archives

Previous By Date Next
Previous By Thread Next

Bad idea. Bad.

From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rMslade () shaw ca>
Date: Wed, 22 Feb 2006 14:04:13 -0800
Sorry, but if I've learned anything in almost 20 years of malware research, it's that 
active content can lead to trouble.

(And JavaScript is definitely *not* my language of choice for security purposes.)

February 21, Channel Register (UK) — Active cookies aim to thwart cyber 
crooks. A new technique to protect users against more sophisticated forms of 
cybercrime has been developed by Indiana University School of Informatics and 
affiliated start-up RavenWhite. The "active cookie" can be used as a 
countermeasure against online scams such as pharming and man-in-the-middle 
attacks. "There are no reliable commercial tools currently available to protect 
users from such attacks," said Jakobsson of the IU Center for Applied 
Cybersecurity Research. "We believe that active cookies can provide such 
protection." Active cookies are a "piece of cached and sandboxed executable code, 
such as a JavaScript object, that help authenticate an Internet browser to a 
server," say the researchers. The technology is a shield against identity theft and 
cyber attacks that can protect against pharming attacks as well as techniques used 
to hijack Wi-Fi connections or modify consumer router settings. Limitations 
include limited persistence and a lack of support for roaming users. "And they 
don't offer security against strong attacks like active corruption of routers on the 
client-server path, as holistic cryptographic solutions can." Active cookies may be 
attractive to financial institutions -- they complement existing techniques for user 
authentication, are easy to use, and don't have the potential security implications 
associated with browser plug ins.  

Source: http://www.channelregister.co.uk/2006/02/21/active_cookie/

======================
rslade () computercrime org  slade () victoria tc ca  rslade () sun soci niu edu
It is the test of a good religion whether you can joke about it.
                                                  - G. K. Chesterton
Where does the idea come from that if what we are doing is fun,
it can't be God's will?  The God who made giraffes has a sense of
humor.  Make no mistake about that.             - Catherine Marshall

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: