I like to think I’ve got operating system security down pretty well. I know I’m not as good with network security, but I try just as hard. When I got into web security this summer, I took a hard look at how I could improve the security of my web browser and it’s only taken me 4 months to realize that it’s probably a pointless endeavor.
This is what my desktop looked like up until yesterday:

That’s 4 different web browsers and 7 different Prism Single-Site-Browsers (SSBs). That’s right, I sucked it up and used SSBs for a whole 4 months after I wrote a post denouncing them because they seemed like the only good option I had. Oh, and every SSB had NoScript installed on it.
The purpose of all this was to keep my cookies isolated from each other and divide my browsing habits into different domains, so if I got caught in an attack on… say, this weblog, there would be no way an attacker could also walk away with my Google auth tokens. Google obviously means a lot to me, so I decided I need to keep all of their services completely isolated from everything else, hence the SSBs. I also cleared the data stored in each browser on a regular basis to minimize the information stored by them at any given time.
Our lab holds a Capture the Flag (CTF) hacking contest as part of CSAW each year and the tagline for it is:
“A digital cyber attack and defense competition in detecting application security vulnerabilities.”
…but shhhhh! Don’t tell marketing, there is absolutely no defense involved!
I believe that attack has merits on its own, but that is a discussion for another time.
CSAW CTF started out in 2004 as a network-based game with dozens of virtual machines running known vulnerable software. The challenge was to discover and detect these issues and then find or tweak public exploits to work on them. This could have been a good way to run CTF, but we simply couldn’t afford the time to make it work properly. I ended up taking second place to Michael Aiello, now a close friend of mine, that year. Afterwards, Mike and I sacrificed our chances of winning the next year by helping develop the 2005 contest and, along with other members of the lab, changed the game’s format to how it remains to this day.
Every year, as part of CSAW, we hold a Security Awareness Poster contest where we ask students to convey a simple message regarding any current issue in information security. These posters always turn out amazing and are among the most impressive, if non-technical, entries we get. Unfortunately, we haven’t been so good at sharing these posters with others and usually only make a few printouts for ourselves in the lab.
Today, that is going to change. I uploaded my hand-picked favorites from the last 3 years to my web site for the entire web to enjoy! I tried to mark who made what poster in the title but please leave me a message if I missed yours.

Amanda Morante's 1st place entry from 2006
View the full library of awareness poster images here.
Registration for CSAW 2008 is still open and we will be having the Security Awareness Poster contest again, in addition to 6 other contests. If you know any graphic designers, convince them to join!