Question
Text book details : Security in Computing 5th edition Authors : Charles P. Pfleeger, Shari Lawrence Pfleeger and Jonathan Margulies Chapter 4 - Exercises 1.
Text book details : Security in Computing 5th edition
Authors : Charles P. Pfleeger, Shari Lawrence Pfleeger and Jonathan Margulies
Chapter 4 - Exercises
1. The SilentBanker man-in-the-browser attack depends on malicious code that is integrated into the browser. These browser helpers are essentially unlimited in what they can do. Suggest a design by which such helpers are more rigorously controlled. Does your approach limit the usefulness of such helpers?
2. A cryptographic nonce is important for confirming that a party is active and fully participating in a protocol exchange. One reason attackers can succeed with many web-page attacks is that it is relatively easy to craft authentic-looking pages that spoof actual sites. Suggest a technique by which a user can be assured that a page is both live and authentic from a particular site. That is, design a mark, data interchange, or some other device that shows the authenticity of a web page.
4. A CAPTCHA puzzle is one way to enforce that certain actions need to be carried out by a real person. However, CAPTCHAs are visual, depending not just on a persons seeing the image but also on a persons being able to recognize distorted letters and numbers. Suggest another method usable by those with limited vision.
10. Explain why spam senders frequently change from one email address and one domain to another. Explain why changing the address does not prevent their victims from responding to their messages.
12. Suggest a technique by which a browser could detect and block clickjacking attacks.
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started