Advanced Web and E-Voting Security

CS594 Spring 2009 blog

January 30th, 2009

Class on Monday, Feb 2nd

All Your iFRAMEs Point to Us

With the rate of web-page infections getting as high as 1 in every 4.5 seconds*, drive-by downloads are clearly one of the most immediate threats to everybody using the WWW.

So what can we do about it?

Well, for starters: there are many tools (http://www.siteadvisor.com/, http://www.mywot.com/) available that warn users about the threat level of websites, each using different methods (what are they?).

Some (http://code.google.com/apis/safebrowsing/) even help web-application developers secure their websites against being used as launch pads for attacks.

And, sometimes it is just better to be safe than sorry. (http://www.willamette.edu/wits/spyware/)

Find out how you can get involved in efforts (http://www.stopbadware.org/home/action) against “drive by downloads”.

While we discuss the next paper, “All your iFrames point to us”, let’s take this opportunity to look at how drive-by downloads work, starting from their construction and distribution and finally their relationship with the weakest link in security - the user.

*http://www.sophos.com/sophos/docs/eng/marketing_material/sophos-security-threat-report-jan-2009-na.pdf

January 27th, 2009

acm proxy

Hi, 

If anyone needs the ACM Proxy link,

http://proxy.cc.uic.edu/login?url=http://portal.acm.org

January 26th, 2009

Class on Wednesday, Jan 28th

I am going to present the Doppelganger paper on Wednesday and will be talking about cookies and such. Since cookies are somewhat central to understanding the papers on web privacy, I think it is a good idea to understand them from a practical side.

So, fire up your favorite HTTP proxy and start surfing the web. Hit some of the ‘fat’ sites you know of. The more cookies the better. Observe the traffic and see how cookies are set and retrieved. As you browse from site to site, keep an eye on what is stored in your cookie jar. Can you tell what information your cookies store? Can you tell why? Do you think you need them? Maybe you know what the cookie names mean?

Navigate to about:cache and check out what files have been persisted. Try looking at the URLs and think how much this data says about you.

Once you are done with cookies, please clear and disable all cache and cookies and start surfing the web, taking notes of how this experience differs from the previous exercise. What differences are apparent right away?

While contemplating how much information about you leaks through web sessions, navigate to pipl.com, type in your first & last name and hit search… Where does this information come from?
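To make the cookie-jar part of this exercise concrete, here is an added example (not part of the post) that audits Set-Cookie headers the way you would when reading proxy traffic: it records each cookie's domain, whether it outlives the browser session, whether it belongs to a third party, and whether Secure/HttpOnly are set. The site names and header values are constructed samples, not a real capture.

```python
from http.cookies import SimpleCookie

# Constructed sample capture (hypothetical site names), as an HTTP proxy would show it:
# (host of the page the browser was visiting, raw Set-Cookie response header)
CAPTURE = [
    ("news.example", "sid=abc123; Path=/; HttpOnly; Secure"),
    ("news.example", "uid=7f3a9; Domain=.ads-tracker.example; Path=/; Max-Age=63072000"),
    ("shop.example", "cart=item42; Path=/"),
    ("shop.example", "prefs=lang%3Den; Expires=Wed, 09 Jun 2027 10:18:14 GMT; Path=/"),
]


def audit_cookie(visited_host, set_cookie_header):
    """Parse one Set-Cookie header and describe what the cookie jar will retain."""
    jar = SimpleCookie()
    jar.load(set_cookie_header)
    (name, morsel), = jar.items()  # one cookie per Set-Cookie header
    domain = morsel["domain"].lstrip(".") or visited_host
    return {
        "name": name,
        "domain": domain,
        # A Domain the visited host does not belong to means a third party
        # (e.g. an ad network) gets this cookie on every site that embeds it.
        "third_party": not (visited_host == domain or visited_host.endswith("." + domain)),
        # No Expires/Max-Age means a session cookie, dropped when the browser closes.
        "persistent": bool(morsel["max-age"] or morsel["expires"]),
        # Without Secure the cookie is also sent over plain HTTP; without HttpOnly
        # any script running on the page can read it.
        "secure": bool(morsel["secure"]),
        "httponly": bool(morsel["httponly"]),
    }


def audit_capture(capture=CAPTURE):
    """Audit every captured Set-Cookie and return the findings keyed by cookie name."""
    return {f["name"]: f for f in (audit_cookie(h, c) for h, c in capture)}


def tracking_candidates(capture=CAPTURE):
    """Persistent third-party cookies: the usual shape of a cross-site tracker."""
    return sorted(n for n, f in audit_capture(capture).items()
                  if f["third_party"] and f["persistent"])


if __name__ == "__main__":
    for name, f in audit_capture().items():
        flags = [k for k in ("third_party", "persistent", "secure", "httponly") if f[k]]
        print(f"{name:6} @ {f['domain']:22} {' '.join(flags)}")
    print("likely trackers:", tracking_candidates())
```

Feed it the Set-Cookie lines you see in your own proxy, paired with the host you were visiting, and compare the findings with what your browser's cookie jar shows.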

January 22nd, 2009

Class on Mon:26 Jan

We will be reading the second paper (“protecting browser state…”) from our schedule. This paper extends the basic ideas in the original paper.

Please go through it. Also, if you find any interesting pointers or other background information about this paper, use the comments feature on this page to discuss.

As usual, your summaries are due before class. Do not try to replicate the results from the paper. Instead, try to summarize in your own words what your reactions are to the results of the paper, what questions remain after reading, and so on.

January 21st, 2009

Email list for class

Some of you did not receive the email sent for the paper on timing attacks. The purpose of this blog post is to alert you to any problems of communication we may be having. I would like to resolve this right away. We will use both the blog and email to communicate, so it is important for me to have all of your current email addresses.

I just sent a test mail (with subject “cs594:test”) to everyone in class, to their UIC.edu address. I pulled out your addresses from the class list. I also included the original message for those who didn’t receive it.

If you are in this class, and did NOT get this email, let me know that as well. This will help us investigate where the problem is. If you got both emails, then please ignore and move on.

Also, if you want me to send you email to a different address, please let me know, by responding to that email.

January 20th, 2009

Paper on timing attacks

Use this blog post to discuss this paper or share any background material related to this paper.

(Click on the ‘schedule’ link to the left to see the list of papers.)

January 14th, 2009

Welcome!

This is the class blog page in which the schedule and lecture notes will appear.