An Embarrassingly Simple Approach to Securing Browser Users

Presented at Kiwicon V: It Goes b00m (2011), Nov. 5, 2011, 11:30 a.m. (45 minutes)

Web browsers currently do virtually nothing to proactively protect users from malicious web sites. Whether a site has a certificate or not is largely irrelevant, blacklists react too slowly to catch anything but inept phishers, and beyond these security-theatre defences there's nothing available. As a result a browser will happily take a user to an obviously-phishy fake banking site and run evidently malicious JavaScript to inject a drive-by download onto their PC. Building on four decades of experience with security design for the built environment (buildings and houses) known as crime prevention through environmental design (CPTED), this talk looks at how CPTED is applied in practice, and how similar principles could be used as part of an embarrassingly simple risk-mitigation strategy that helps protect browser users from malicious web sites.


Presenters:

  • Peter Gutmann
    Peter Gutmann arrived on earth some eons ago when his physical essence filtered down from the stars, and he took human(?) form. Lingering for a while on the plateau of Leng while waiting for the apes to evolve, he eventually mingled among human society, generally without being detected, although the century he spent staked out in a peat bog in Denmark was rather unpleasant and not something he'd care to repeat. Once computers were invented he became involved in security research in the hope that enough insider knowledge would, at the right time, allow him to bypass electronic security measures on the first translight spacecraft and allow him to return to the stars. This is probably still some time away. Until then he spends his time as a researcher at the University of Auckland, poking holes in security systems and mechanisms (purely for practice) and grumbling about unusable security systems.
