Web Security

Go Static or Go Home

In the end, dynamic systems are simply less secure.

by Paul Vixie | January 14, 2015


Security Collapse in the HTTPS Market

Assessing legal and technical solutions to secure HTTPS

by Axel Arnbak, Hadi Asghari, Michel Van Eeten, Nico Van Eijk | September 23, 2014


Why Is It Taking So Long to Secure Internet Routing?

Routing security incidents can still slip past deployed security defenses.

by Sharon Goldberg | September 11, 2014


Certificate Transparency

Public, verifiable, append-only logs

by Ben Laurie | September 8, 2014


Securing the Tangled Web

Preventing script injection vulnerabilities through software design

by Christoph Kern | August 25, 2014


Splinternet Behind the Great Firewall of China

Once China opened its door to the world, it could not close it again.

by Daniel Anderson | November 30, 2012


Browser Security Case Study: Appearances Can Be Deceiving

A discussion with Jeremiah Grossman, Ben Livshits, Rebecca Bace, and George Neville-Neil

by Jeremiah Grossman, Ben Livshits, Rebecca Bace, George Neville-Neil | November 20, 2012


The Web Won't Be Safe or Secure until We Break It

Unless you've taken very particular precautions, assume every Web site you visit knows exactly who you are.

by Jeremiah Grossman | November 6, 2012


CTO Roundtable: Malware Defense Overview

Key points from ACM's CTO Roundtable on malware defense

by Mache Creeger | February 25, 2010


CTO Roundtable: Malware Defense

The battle is bigger than most of us realize.

by Mache Creeger | February 24, 2010


Browser Security: Lessons from Google Chrome

Google Chrome developers focused on three key problems to shield the browser from attacks.

by Charles Reis, Adam Barth, Carlos Pizano | June 18, 2009


Cybercrime 2.0: When the Cloud Turns Dark

Web-based malware attacks are more insidious than ever. What can be done to stem the tide?

by Niels Provos, Moheeb Abu Rajab, Panayiotis Mavrommatis | March 20, 2009


Security in the Browser

Web browsers leave users vulnerable to an ever-growing number of attacks. Can we make them secure while preserving their usability?

by Thomas Wadlow, Vlad Gorelik | March 16, 2009


Playing for Keeps

Inflection points come at you without warning and quickly recede out of reach. We may be nearing one now. If so, we are now about to play for keeps, and “we” doesn’t mean just us security geeks. If anything, it’s because we security geeks have not worked the necessary miracles already that an inflection point seems to be approaching at high velocity.

by Daniel E. Geer | November 10, 2006


Criminal Code: The Making of a Cybercriminal

NOTE: This is a fictional account of malware creators and their experiences. Although the characters are made up, the techniques and events are patterned on real activities of many different groups developing malicious software.

by Thomas Wadlow, Vlad Gorelik | November 10, 2006


An Epidemic

Painted in the broadest of strokes, cybercrime essentially is the leveraging of information systems and technology to commit larceny, extortion, identity theft, fraud, and, in some cases, corporate espionage. Who are the miscreants who commit these crimes, and what are their motivations? One might imagine they are not the same individuals committing crimes in the physical world. Bank robbers and scam artists garner a certain public notoriety after only a few occurrences of their crimes, yet cybercriminals largely remain invisible and unheralded. Based on sketchy news accounts and a few public arrests, such as Mafiaboy, accused of paralyzing Amazon, CNN, and other Web sites, the public may infer these miscreants are merely a subculture of teenagers.

by Team Cymru | November 10, 2006


Phishing for Solutions

Re: phishing, doesn't the URL already give away enough information?

by George Neville-Neil | June 30, 2006


Vicious XSS

For readers who doubt the relevance of KV's advice, witness the XSS attack that befell MySpace in October.

by George Neville-Neil | January 31, 2006


Lack of Priority Queuing Considered Harmful

Most modern routers consist of several line cards that perform packet lookup and forwarding, all controlled by a control plane that acts as the brain of the router, performing essential tasks such as management functions, error reporting, control functions including route calculations, and adjacency maintenance. This control plane has many names; in this article it is the route processor, or RP. The route processor calculates the forwarding table and downloads it to the line cards using a control-plane bus. The line cards perform the actual packet lookup and forwarding.

by Vijay Gill | December 6, 2004


Network Forensics

The dictionary defines forensics as "the use of science and technology to investigate and establish facts in criminal or civil courts of law." I am more interested, however, in the usage common in the computer world: using evidence remaining after an attack on a computer to determine how the attack was carried out and what the attacker did.

by Ben Laurie | August 31, 2004


Blaster Revisited

What lessons can we learn from the carnage the Blaster worm created? The following tale is based upon actual circumstances from corporate enterprises that were faced with confronting and eradicating the Blaster worm, which hit in August 2003. The story provides views from many perspectives, illustrating the complexity and sophistication needed to combat new blended threats.

by Jim Morrison | August 31, 2004