The ubiquity of user accounts in websites and online services makes account hijacking a serious security concern. Although previous research has studied various techniques through which an attacker can gain access to a victim's account, relatively little attention has been directed towards the process of account creation. The current trend towards federated authentication (e.g., Single Sign-On) ad
Web browsers are integral parts of everyone's daily life. They are commonly used for security-critical and privacy sensitive tasks, like banking transactions and checking medical records. Unfortunately, modern web browsers are too complex to be bug free (e.g., 25 million lines of code in Chrome), and their role as an interface to the cyberspace makes them an attractive target for attacks. Accordin
RSA AES 1 BB84 Y-00 E-mail: hitoshi.go[email protected] / /2009.10 107 1. 2008 10 9 20 km 1.02 Mbps 100 km 10.1 kbps 1 Gbps 10 Gbps VPN 7 km 2. 1 3 2 1 2 108 /2009.10 1 2 2 109 2 ID IC KEELOQ 1 1 EUROCRYPT2008 50 2 IC IC 3 3 a DES AES Camellia MISTY1 1 http://www.iacr.org/conferences/eurocrypt2008/sessions/SebastianIndesteege_20080414.pdf 110 /2009.10 3 a b 3 b RSA 2 1 1 100 100 100 �� � �� 5,000 We
Spook.js Attacking Google Chrome's Strict Site Isolation via Speculative Execution and Type Confusion Spook.js is a new transient execution side channel attack which targets the Chrome web browser. We show that despite Google's attempts to mitigate Spectre by deploying Strict Site Isolation, information extraction via malicious JavaScript code is still possible in some cases. More specifically, we
Different security issues are a common problem for open source packages archived to and delivered through software ecosystems. These often manifest themselves as software weaknesses that may lead to concrete software vulnerabilities. This paper examines various security issues in Python packages with static analysis. The dataset is based on a snapshot of all packages stored to the Python Package I
Online tracking is a whack-a-mole game between trackers who build and monetize behavioral user profiles through intrusive data collection, and anti-tracking mechanisms, deployed as a browser extension, built-in to the browser, or as a DNS resolver. As a response to pervasive and opaque online tracking, more and more users adopt anti-tracking tools to preserve their privacy. Consequently, as the in
Context: The Heartbleed vulnerability brought OpenSSL to international attention in 2014. The almost moribund project was a key security component in public web servers and over a billion mobile devices. This vulnerability led to new investments in OpenSSL. Objective: The goal of this study is to determine how the Heartbleed vulnerability changed the software evolution of OpenSSL. We study changes
1
リリース、障害情報などのサービスのお知らせ
最新の人気エントリーの配信
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
