Slashdot Mirror

← Back to Stories (view on slashdot.org)

Research Projects You Should Know About

Posted by ryuzaki0 on from the listen-up dept.

Anonymous Coward writes "Here is a look at 10 current IT and network research projects, from active cookies to faster wireless LANs to the latest anti-phishing schemes, that could be making their way out of labs and into companies and homes soon." Still no virtual sandwich I see.

5 of 56 comments (clear)

  1. Knock knock... by Cephei · · Score: 4, Insightful

    "Sir, we have a warrent to get any encryption keys you have on your computer. You cleared your cookies in IE? Well that's too bad." -handcuff-

    It gets easier and easier to get arrested.

  2. truly pathetic article by Anonymous Coward · · Score: 3, Insightful

    Wow, what a TERRIBLE article.

    First, it is piles of advertising and links you have to click through to get to even the very first page.

    Second, the articles are written by marketing droids, it appears. "Human beings that live in computers" is a stupid marketer code for sim city.

    How pathetic a slashdot article -- slashdot for sub-intelligent children...

  3. Re:Active cookies? by illuminatedwax · · Score: 3, Insightful

    So active cookies totally won't work for certain large sites like yahoo or google that have services like akadns which change the resolved IP addresses quite often?

    --
    Did you ever notice that *nix doesn't even cover Linux?
  4. Re:Active cookies? by jrumney · · Score: 2, Insightful

    they seek to stop the threat of DNS poisoning and passive-snooping man-in-the-middle impersonation of a users' session by tagging cookies in the client's browser with an IP address rather than a domain name, then redirecting users from the DNS-resolved websites to that same IP (only to send their cookies), and ensuring (on the machine pointed to by that IP) that the IP address of the connection which was sent the redirection and the IP address that is now sending back the cookie to match up.

    OK, so as I expected, it does not, as the Newwork World article claims, prevent an attack where someone hijacks your wifi connection to direct you through their own network where they can spoof addresses.

  5. Toss Active Cookies by tqbf · · Score: 2, Insightful

    I wrote about this after reading the white paper. I don't think this is a particularly useful idea.

    The key "insight" of the paper is that if you associate cookies with IP addresses, and not domain names, attackers can't spoof DNS to steal cookies. So a server and client have a facsimile of a "trusted channel"; if the server can recover a proper IP-tagged cookie, it knows it's talking to a client and not a man-in-the-middle.

    Apart from the fact that this whole scheme is aimed at a relatively exotic exploit, which exploit accounts for only a fraction of all phishing attacks, I don't think it will work technically. The simplest reason is Javascript. Attackers don't have to relay requests for victims; they can complete a transaction and transparently direct the victim back to the server. The server need never have contact with the attacker.