2011 Talks

An Embarrassingly Simple Solution to the Problem of Protecting Browser Users

Web browsers currently do virtually nothing to proactively protect users from malicious web sites. Whether a site has a certificate or not is largely irrelevant, blacklists react too slowly to catch anything but inept phishers, and beyond these security-theatre defences there's nothing available. As a result a browser will happily take a user to an obviously-phishy fake banking site and run evidently malicious Javascript to inject a drive-by download onto their PC.

Building on four decades of experience with security design for the built environment (buildings and houses) known as crime prevention through environmental design (CPTED), this talk looks at how CPTED is applied in practice, and how similar principles could be used as part of at an embarrassingly simple risk-mitigation strategy that helps protect browser users from malicious web sites.

Speaker: Peter Gutmann

 Peter Gutmann is a researcher in the Department of Computer Science at the University of Auckland working on design and analysis of cryptographic security architectures. He helped write the popular PGP encryption package, has authored a number of papers and RFC's on security and encryption including the X.509 Style Guide for certificates, and is the author of the open source cryptlib security toolkit.

In his spare time he pokes holes in whatever security systems and mechanisms catch his attention and grumbles about PKIs and the lack of security usability.

 

2011 Data Breach Investigation Report 2011 Data Breach Investigation Report
APCO P25 Security Revisited: The Practical Attacks!  APCO P25 Security Revisited: The Practical Attacks!