Slashdot Mirror


Research Projects You Should Know About

Anonymous Coward writes "Here is a look at 10 current IT and network research projects, from active cookies to faster wireless LANs to the latest anti-phishing schemes, that could be making their way out of labs and into companies and homes soon." Still no virtual sandwich I see.

3 of 56 comments

  1. Re:sharing Wi-fi? by red5 · Score: 4, Interesting

    "Steal", "Share"? It's all just a matter of semantics these days.

    --
    I know I'm going to hell, I'm just trying to get good seats.
  2. The key to going where Google isn't... by b0r1s · Score: 4, Interesting

    Is to explore the content that Google ignores. The next 'breakthrough' in search engines will advance on Google Images and Google Video by being able to discover objects in images and understand text in video.

    Being able to search video hosting sites for a phrase without requiring manual entry of the script (if one even exists) would be incredibly useful.

    --
    Mooniacs for iOS and Android
  3. Active Cookies by Anonymous Coward · Score: 4, Interesting

    You can download the Active Cookies whitepaper from the front page of http://www.ravenwhite.com./

    It appears that Raven White, in association with RSA Laboratories, are proposing an extension to the HTTP cookie scheme whereby a cookie could be associated with an IP address rather than a domain. This would, according to them, allow a site to store a shared secret on the client which could not be obtained by third parties via a "pharming" (DNS/browser location spoofing) attack.

    I'm not going to argue about the merits of the scheme they are proposing - it appears to be relatively functional.

    What I don't understand is why, if what they're proposing requires extensions to the existing behavioural specification, they don't look at a challenge-response style method of cookie acquisition. This would remove the tying of cookie "ownership" to the DNS hierarchy and permit a more robust scheme of sharing information between the client and server.

    A valid analogy to the current system might be:
    Me: Hi, my name's Malcolm, can I have the secret documents?
    You: You walked in when I asked for Malcolm - here they are.

    White Raven's scheme:
    Me: Hi, can I have the secret documents?
    You: I recognise you from the last time I spoke to Malcolm - here they are.

    Cookie auth scheme:
    Me: Hi, can I have the secret documents? Here's the password we agreed on earlier.
    You: I recognise that password, you must be the entity I spoke to earlier or an agent thereof. Here's the documents!

    I concede that the IP based cookie distribution system is simpler - but it's not much simpler, it is still open to attacks and it is less flexible. Is there something I'm missing?

    Malcolm
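
The challenge-response exchange suggested in the comment above, as an added example that is not part of the original post or of the Raven White whitepaper. It assumes HMAC-SHA256 over a single-use server nonce; the names `Site`, `respond` and `demo` are hypothetical, and the secrets are constructed sample values.

```python
import hashlib
import hmac
import secrets


def respond(shared_secret: bytes, nonce: bytes) -> bytes:
    """Client side: prove knowledge of the secret without transmitting it."""
    return hmac.new(shared_secret, nonce, hashlib.sha256).digest()


class Site:
    """Server side: issues single-use challenges and checks the responses."""

    def __init__(self, shared_secret: bytes):
        self._secret = shared_secret
        self._pending = set()  # challenges issued and not yet answered

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self._pending:
            return False  # unknown or already-used challenge
        self._pending.discard(nonce)  # consume it so a response cannot be replayed
        return hmac.compare_digest(respond(self._secret, nonce), response)


def demo() -> dict:
    secret = secrets.token_bytes(32)          # constructed; agreed at enrolment
    real = Site(secret)
    spoofed = Site(secrets.token_bytes(32))   # reached via bad DNS; lacks the secret

    # Normal visit: the client answers the real site's challenge.
    n1 = real.challenge()
    r1 = respond(secret, n1)
    login = real.verify(n1, r1)
    replay = real.verify(n1, r1)              # same nonce and response again

    # Misdirected visit: the client answers the spoofed site's challenge.
    captured = respond(secret, spoofed.challenge())
    # That answer is bound to the spoofed nonce, not to a fresh one from the real site.
    captured_reuse = real.verify(real.challenge(), captured)

    return {"login": login, "replay": replay, "captured_reuse": captured_reuse}


if __name__ == "__main__":
    print(demo())
```

Unlike a stored cookie value or the password in the analogy, the secret itself never crosses the wire, so a misdirected client discloses only a response tied to one nonce. The sketch does not cover a spoofed server that forwards the genuine site's challenge in real time; that requires binding the response to the connection as well.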