105 Hits in 6.6 sec

Where the Wild Warnings Are

Mustafa Emre Acer, Emily Stark, Adrienne Porter Felt, Sascha Fahl, Radhika Bhargava, Bhanu Dev, Matt Braithwaite, Ryan Sleevi, Parisa Tabriz
2017 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security - CCS '17  
We investigate the root causes of HTTPS error warnings in the field, with the goal of resolving benign errors.  ...  We are able to automatically diagnose the root causes of two-thirds of error reports.  ...  HTTPS certificate warnings are foundational to the security of the web.  ... 
doi:10.1145/3133956.3134007 dblp:conf/ccs/AcerSFFBDBST17 fatcat:yzi2lprllngkngyfk7jq6xm3hi

Where the Wild Warnings Are

Mustafa Acer, Emily Stark, Adrienne Felt, Sascha Fahl, Radhika Bhargava, Bhanu Dev, Matt Braithwaite, Ryan Sleevi, Parisa Tabriz
2017 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security - CCS '17   unpublished
We investigate the root causes of HTTPS error warnings in the field, with the goal of resolving benign errors.  ...  We are able to automatically diagnose the root causes of two-thirds of error reports.  ...  HTTPS certificate warnings are foundational to the security of the web.  ... 
fatcat:omctzrpmbjd2pddcqhtdvsrbey

Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations

Chad Brubaker, Suman Jana, Baishakhi Ray, Sarfraz Khurshid, Vitaly Shmatikov
2014 IEEE Security and Privacy  
We also found serious vulnerabilities in how users are warned about certificate validation errors.  ...  Many of them are caused by serious security vulnerabilities.  ...  Acknowledgments We are grateful to Rui Qiu for participating in the initial exploration of the ideas that led to this work, and to our Oakland shepherd Matthew Smith for helping smooth ruffled feathers  ... 
pmid:25404868 pmcid:PMC4232952 fatcat:egrh4yppafhybapfbrucjuacji

Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations

Chad Brubaker, Suman Jana, Baishakhi Ray, Sarfraz Khurshid, Vitaly Shmatikov
2014 2014 IEEE Symposium on Security and Privacy  
We also found serious vulnerabilities in how users are warned about certificate validation errors.  ...  Many of them are caused by serious security vulnerabilities.  ...  We are grateful to Rui Qiu for participating in the initial exploration of the ideas that led to this work, and to our Oakland shepherd Matthew Smith for helping smooth ruffled feathers.  ... 
doi:10.1109/sp.2014.15 dblp:conf/sp/BrubakerJRKS14 fatcat:bctcnezvgfbzha32ish3lpg5km

Analyzing Forged SSL Certificates in the Wild

Lin Shung Huang, Alex Rice, Erling Ellingsen, Collin Jackson
2014 2014 IEEE Symposium on Security and Privacy  
Limitations of the method and possible defenses to such attacks are also discussed.  ...  However, due to a lack of reliable indicators, it is still unclear how commonplace these attacks occur in the wild.  ...  We thank Adam Langley, Scott Renfro, Zack Weinberg, and the anonymous reviewers for providing feedback on drafts of the paper.  ... 
doi:10.1109/sp.2014.13 dblp:conf/sp/HuangREJ14 fatcat:r22fhjdwxrhj5a2kamalkjcifa

An Experimental Study of TLS Forward Secrecy Deployments

Lin-Shung Huang, Shrikant Adhikarla, Dan Boneh, Collin Jackson
2014 IEEE Internet Computing  
In our study, we surveyed a total of 473,802 TLS servers and found that 82.9% of the DHE-enabled servers were using weak DH parameters.  ...  We compared the server throughput of various TLS setups, and measured real-world client-side latencies using an ad network.  ...  ACKNOWLEDGMENTS We thank Rick Andrews, Kaspar Brand and Ivan Ristic for providing feedback on drafts of the paper. This work was supported by NSF and a grant from Symantec.  ... 
doi:10.1109/mic.2014.86 fatcat:umtqhugf6zc7bfnzuo6as6a4ii

Analysis of the HTTPS certificate ecosystem

Zakir Durumeric, James Kasten, Michael Bailey, J. Alex Halderman
2013 Proceedings of the 2013 conference on Internet measurement conference - IMC '13  
are able to issue certificates vouching for the identity of any website.  ...  We report the results of a large-scale measurement study of the HTTPS certificate ecosystem, the public-key infrastructure that underlies nearly all secure web communications.  ...  Acknowledgments The authors thank the exceptional sysadmins at the University of Michigan for their help and support throughout this project.  ... 
doi:10.1145/2504730.2504755 dblp:conf/imc/DurumericKBH13 fatcat:6tr2vxrcing7bnftph4c5thgre

ProxyTorrent: Untangling the Free HTTP(S) Proxy Ecosystem [article]

Diego Perino, Matteo Varvello, Claudio Soriente
2017 arXiv   pre-print
Passive measurements relate to proxy performance and usage in the wild, and are collected by free proxies users via a Chrome plugin we developed.  ...  Around 10% of the working proxies exhibit malicious behaviors, e.g., ads injection and TLS interception, and these proxies are also the ones providing the best performance.  ...  Only one proxy delivers a certificate chain of size two, where the leaf certificate has the expected CommonName but the root certificate has CommonName set to "STATESTATESTATESTATESTATE").  ... 
arXiv:1612.06126v3 fatcat:i3l5fwygy5a27lldwcxueym3qa

ProxyTorrent

Diego Perino, Matteo Varvello, Claudio Soriente
2018 Proceedings of the 2018 World Wide Web Conference on World Wide Web - WWW '18  
Passive measurements relate to proxy performance and usage in the wild, and are collected by free proxies users via a Chrome plugin we developed.  ...  Around 10% of the working proxies exhibit malicious behaviors, e.g., ads injection and TLS interception, and these proxies are also the ones providing the best performance.  ...  Only one proxy delivers a certificate chain of size two, where the leaf certificate has the expected CommonName but the root certificate has CommonName set to "STATESTATESTATESTATESTATE").  ... 
doi:10.1145/3178876.3186086 dblp:conf/www/PerinoVS18 fatcat:wz55okucejd2niamscf3mlfugm

A Search Engine Backed by Internet-Wide Scanning

Zakir Durumeric, David Adrian, Ariana Mirian, Michael Bailey, J. Alex Halderman
2015 Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS '15  
Censys returns these results in sub-second time, dramatically reducing the effort of understanding the hosts that comprise the Internet.  ...  Fast Internet-wide scanning has opened new avenues for security research, ranging from uncovering widespread vulnerabilities in random number generators to tracking the evolving impact of Heartbleed.  ...  We thank the exceptional sysadmins at the University of Michigan for their help and support throughout this project, including Chris Brenner, Kevin Cheek, Laura Fink, Dan Maletta, Jeff Richardson, Donald  ... 
doi:10.1145/2810103.2813703 dblp:conf/ccs/DurumericAMBH15 fatcat:tjxw4jm3srh57l6o2zbdkopdka

The Security of WebRTC [article]

Ben Feher, Lior Sidi, Asaf Shabtai, Rami Puzis
2016 arXiv   pre-print
In this study we review current WebRTC structure and security in the contexts of communication disruption, modification and eavesdropping.  ...  The JSON object is parsed as one unit, meaning that a fault in one part of the object, will cause an error to the whole parsing process.  ...  In normal HTTPS applications, there is a clear warning in each browser that the channel is compromised.  ... 
arXiv:1601.00184v1 fatcat:hargyujzrvd5nkvgvddtvecon4

On Challenges in Verifying Trusted Executable Files in Memory Forensics

Daniel Uroz, Ricardo J. Rodríguez
2020 Forensic Science International: Digital Investigation  
These limitations are data incompleteness, data changes caused by relocation, catalog-signed files, and executable file and process inconsistencies. We also discuss solutions to these limitations.  ...  The memory of the system is acquired and then analyzed, looking for facts about the security incident.  ...  This trusted root certificate is mandatory as long as the root certificate is not present in the users' root stores.  ... 
doi:10.1016/j.fsidi.2020.300917 fatcat:v7s7luvx45aoxdwhkvtba6jrye

You Get Where You're Looking for: The Impact of Information Sources on Code Security

Yasemin Acar, Michael Backes, Sascha Fahl, Doowon Kim, Michelle L. Mazurek, Christian Stransky
2016 2016 IEEE Symposium on Security and Privacy (SP)  
We also found that many of the security errors made by our participants also appear in the wild, possibly also originating in the use of Stack Overflow to solve programming problems.  ...  , finding that 93.6% of the apps used at least one of the API calls our participants used during our study.  ...  Jennifer DeSimone for helping us navigate the IRB requirements for an international study, and all of the developers and/or students who kindly participated in our study.  ... 
doi:10.1109/sp.2016.25 dblp:conf/sp/AcarBFKMS16 fatcat:bqranncibjgp3h53ez4q7bb4xa

No attack necessary

Bernhard Amann, Robin Sommer, Matthias Vallentin, Seth Hall
2013 Proceedings of the 29th Annual Computer Security Applications Conference on - ACSAC '13  
Over time, the security community has proposed a number of counter measures to increase the security of the certificate ecosystem; many of these efforts monitor for what they consider tell-tale signs of  ...  Much of the Internet's end-to-end security relies on the SSL/TLS protocol along with its underlying X.509 certificate infrastructure.  ...  The certificates in our data are derived from a total of 84 of the 156 roots included in the Mozilla root store. In total, we see certificates issued by 44 different organizations.  ... 
doi:10.1145/2523649.2523665 dblp:conf/acsac/AmannSVH13 fatcat:ckwtgrl7tngkfcm4ofx4xs3qb4

Internet Censorship detection: A survey

Giuseppe Aceto, Antonio Pescapé
2015 Computer Networks  
by the surveillance device or by countering the effects of the action.  ...  Detection of Internet Censorship is the basis for the study of this phenomenon, and recently it has received focus from a technical point of view.  ...  ACKNOWLEDGEMENTS We are grateful to the Editor and the anonymous reviewers, whose comments helped us improving the quality of the paper.  ... 
doi:10.1016/j.comnet.2015.03.008 fatcat:hfobj6upjjhyzdh2joujhtiziu
Showing results 1 — 15 out of 105 results