bonus slides confused deputy problem original exam ple
play

Bonus slides Confused Deputy Problem Original exam ple Norm al - PowerPoint PPT Presentation

Jan 13, 2023 •140 likes •237 views

Bonus slides Confused Deputy Problem Original exam ple Norm al output file Request: 1. Do action 2. Write results to Im portant server file Client Server Response: OK Im portant server file Original exam ple ( 2 )

  1. Bonus slides – Confused Deputy Problem

  2. Original exam ple Norm al output file Request: 1. Do action 2. Write results to “Im portant server file” Client Server Response: OK Im portant server file

  3. Original exam ple ( 2 ) • Possible if the server executes the command using its own credentials, similarly to a traditional buffer overflow • Used as a prime argument for having capabilities • First appeared in 1988 • Many other attacks can be seen as confused deputy attacks – One example is circumventing a firewall by running traffic through a browser

  4. Cross-site Request Forgery • CDP using a Web browser Web site URL Disguised as <im age> e.g: http:/ / m ail.com / changepw?newpw=hack Login Change PW Resolve Client

  5. CSRF • Cookies and active sessions to other sites can be exploited to execute commands on the client by remote code • Somewhat situational – Requires active session or cookie between the user and the target site – Requires a suitable target command at the target site – The referer header can be checked to avoid this exploit (but this is not always done) – Hidden fields with tokens can be used to avoid this • JavaScript can be used to read information from other open tags • Script languages can be used to send POST

  6. Login CSRF • Cause the victim to log in at a remote site using the attackers credentials • Technically easier that normal CSRF • Opportunities for novel attacks

  7. Cross-site Scripting • 80% of all documented vulnerabilities as of 2007 (according to Wikipedia) • XSS has evolved into meaning injecting e.g. HTML and JavaScript into Web pages • Usually used to steal session cookies • Live example…

  8. XSS • Three types: – Non-persistent: What we just did. – Persistent: Online message boards etc. • Executed more than once – DOM-based: Targeting already existing scripting elements that parse parameters and generate content • Similar to Non-persistent, but can also be used to bypass e.g. client sandboxes • One known weakness was local Firefox error pages

Recommend

Bonus Lecture: Introduction to Reinforcement Learning Garima Lalwani, Karan Ganju and Unnat Jain

Bonus Lecture: Introduction to Reinforcement Learning Garima Lalwani, Karan Ganju and Unnat Jain

Bonus Lecture: Introduction to Reinforcement Learning Garima Lalwani, Karan Ganju and Unnat Jain Credits: These slides and images are borrowed from slides by David Silver and Peter Abbeel 4 Model-free Control 5 Summary Outline 1 RL Problem

1.48k views • 88 slides
Most of the slides are borrowed from the authors original presentation. original

Most of the slides are borrowed from the authors original presentation. original

SEG5010 presentation G RAPH C OMPRESSION AND S UMMARIZATION Wei Zhang Dept. of Information Engineering The Chinese University of Hong Kong Most of the slides are borrowed from the authors original presentation. original presentation.

738 views • 59 slides
IRDS: Bonus Slides Charles Sutton University of Edinburgh Hello there I will not present these

IRDS: Bonus Slides Charles Sutton University of Edinburgh Hello there I will not present these

IRDS: Bonus Slides Charles Sutton University of Edinburgh Hello there I will not present these slides in class. Next lecture we will discuss how to choose features for learning algorithms. This means you need to understand a bit about learning

346 views • 10 slides
INSTRUCTIONS **If you get confused or have a question, come back here to solve it J You will be

INSTRUCTIONS **If you get confused or have a question, come back here to solve it J You will be

INSTRUCTIONS **If you get confused or have a question, come back here to solve it J You will be interpreting expressions from the word problems on the following slides. YOU A U ARE N NOT S SOLVIN ING. G. Are you solving? No J You are

273 views • 12 slides
Bonus * Bonus * Bonus * Bonus * Bonus * Bonus Bonus * Bonus * Bonus * Bonus * Bonus * Bonus + ]

Bonus * Bonus * Bonus * Bonus * Bonus * Bonus Bonus * Bonus * Bonus * Bonus * Bonus * Bonus + ]

Bonus * Bonus * Bonus * Bonus * Bonus * Bonus Bonus * Bonus * Bonus * Bonus * Bonus * Bonus + ] from added O + -1 1 M = 0.1 M = 10 - Suppose you have [H 3 Suppose you have [H 3 O ] from added HCl HCl = 0.1 M = 10 M - ] = 10 ][OH - -1 1 ][OH

497 views • 14 slides
Bonus Plan | 1 | 30/05/2018 | AG Employee Benefits - Trust in Expertise Your Bonus Plan: a

Bonus Plan | 1 | 30/05/2018 | AG Employee Benefits - Trust in Expertise Your Bonus Plan: a

Bonus Plan | 1 | 30/05/2018 | AG Employee Benefits - Trust in Expertise Your Bonus Plan: a Tax-Efficient Way to Reward your Employees Sample Case Comparison based on a gross bonus payment of EUR 10,000 paid out as salary vs in the form of

358 views • 13 slides
New Homes Bonus Stuart Ashworth New Homes Bonus What is New Homes Bonus? - It is money received

New Homes Bonus Stuart Ashworth New Homes Bonus What is New Homes Bonus? - It is money received

New Homes Bonus Stuart Ashworth New Homes Bonus What is New Homes Bonus? - It is money received by the Council for each new home that is brought forward, &amp; long-term empty-homes brought back into use. Extra payment is received for

559 views • 8 slides
Closes December 8 th at 11:59PM Feedback is anonymous 1 Point Bonus on final exam for

Closes December 8 th at 11:59PM Feedback is anonymous 1 Point Bonus on final exam for

Week 16.2, Wed, December 4 th PSOs This Week: Review for Final Exam Practice Final Released Today No class on Friday 1 Please let me know what you liked and what could be improved http://www.purdue.edu/idp/courseevaluations/CE_

293 views • 18 slides
Quicksort Sorting Lower Bound Exam Exam Exam Exam 2 2 tomorrow evening 2 2 tomorrow

Quicksort Sorting Lower Bound Exam Exam Exam Exam 2 2 tomorrow evening 2 2 tomorrow

5/7/2012 Quicksort Sorting Lower Bound Exam Exam Exam Exam 2 2 tomorrow evening 2 2 tomorrow evening tomorrow evening tomorrow evening Topics were listed in Day 24 slides Some WA9 problems are good reinforcement of exam

362 views • 9 slides
The original problem Let X 1 , . . . , X n be a random sample from a density f 0 in R d . How

The original problem Let X 1 , . . . , X n be a random sample from a density f 0 in R d . How

L OG - CONCAVE DENSITY ESTIMATION WITH APPLICATIONS Co-authors: Y. Chen, M. Cule, L. D umbgen, R. Gramacy, A Kim, D. Schuhmacher, M. Stewart, M. Yuan R. J. Samworth Log-concave densities The original problem Let X 1 , . . . , X n be a

560 views • 45 slides
Capability Based Systems Chester Rebeiro IIT Madras

Capability Based Systems Chester Rebeiro IIT Madras

Capability Based Systems Chester Rebeiro IIT Madras h8ps://homes.cs.washington.edu/~levy/capabook/Chapter1.pdf 1 Confused Deputy Problem A computer program that is fooled into misusing authority leading to a privilege escalaHon Fortran

405 views • 12 slides
Software development at scale Bonus slides: Unseen GoF design patterns (The end) Michael Hilton

Software development at scale Bonus slides: Unseen GoF design patterns (The end) Michael Hilton

Principles of Software Construction: Objects, Design, and Concurrency Software development at scale Bonus slides: Unseen GoF design patterns (The end) Michael Hilton Bogdan Vasilescu School of Computer Science 17-214 1 Administrivia

857 views • 63 slides
y 0.4m x B 2/5/2019 [tsl342 1/69] Intermediate Exam III: Problem #1 (Spring 05) An

y 0.4m x B 2/5/2019 [tsl342 1/69] Intermediate Exam III: Problem #1 (Spring 05) An

Intermediate Exam III: Problem #1 (Spring 05) An infinitely long straight current of magnitude I = 6 A is directed into the plane ( ) and located a distance d = 0 . 4 m from the coordinate origin (somewhere on the dashed circle). The magnetic

1.92k views • 142 slides
Chapter 6: Methods Find the sum of integers from 1 to 10, from 20 to 30, and from 35 to 45,

Chapter 6: Methods Find the sum of integers from 1 to 10, from 20 to 30, and from 35 to 45,

9/21/18 Opening Problem Chapter 6: Methods Find the sum of integers from 1 to 10, from 20 to 30, and from 35 to 45, respectively. CS1: Java Programming Colorado State University Original slides by Daniel Liang Modified slides by Chris Wilcox

316 views • 13 slides
Question: 1 2 3 4 5 Total Points: 12 13 12 4 9 50 SOC 301 - Spring 2017 Midterm Exam

Question: 1 2 3 4 5 Total Points: 12 13 12 4 9 50 SOC 301 - Spring 2017 Midterm Exam

SOC 301 Name: KEY Social Statistics April 11, 2017 Professor Chester Ismay Midterm Exam Read carefully through each problem. Take your time and relax. Please write your name at the top of each page of the exam. You are to work on

172 views • 5 slides
Session / Discussion Overview 2 I. Development Bonus Program (DBP) 3 I.

Session / Discussion Overview 2 I. Development Bonus Program (DBP) 3 I.

Session / Discussion Overview 2 I. Development Bonus Program (DBP) 3 I. Tempe Development Bonus Program, Approach 4 II. Bonus Elements Onsite Improvements I 5 II. Bonus Elements

708 views • 29 slides
Computational Aesthetics CS 294-69 Final Project Armin Samii Tim Althoff Problem Problem

Computational Aesthetics CS 294-69 Final Project Armin Samii Tim Althoff Problem Problem

Computational Aesthetics CS 294-69 Final Project Armin Samii Tim Althoff Problem Problem Problem Problem Some change Original Some change Result Problem Exposure +2 Original Some change Result Problem Exposure +2 Original

383 views • 27 slides
Confused, Timid, and Unstable: Picking a Video Streaming Rate is Hard Five students from Stanford

Confused, Timid, and Unstable: Picking a Video Streaming Rate is Hard Five students from Stanford

Confused, Timid, and Unstable: Picking a Video Streaming Rate is Hard Five students from Stanford Published in 2012 ACMs Internet Measurement Conference (IMC) 23 citations Ahmad Tahir 1/26 o Problem o Background

409 views • 26 slides
HARC0102 Exam 1 Study Slides Study tip: Consider these slides as a window into a larger story .

HARC0102 Exam 1 Study Slides Study tip: Consider these slides as a window into a larger story .

HARC0102 Exam 1 Study Slides Study tip: Consider these slides as a window into a larger story . As you study, be sure to go back to your notes, textbook, and the slide presentations that are on the course site. Look at all the details and

168 views • 15 slides
Career and Technical Education Bonus Program House Select Committee on Education Strategy and

Career and Technical Education Bonus Program House Select Committee on Education Strategy and

Career and Technical Education Bonus Program House Select Committee on Education Strategy and Priorities August 23, 2016 Catherine Moga Bryant Deputy Assistant Secretary, Division of Workforce Solutions Department of Commerce Jo Anne Honeycutt

880 views • 12 slides
Photoshop Workshop By Nate Kong Original Cropped Original Filters Original B&amp;W Original

Photoshop Workshop By Nate Kong Original Cropped Original Filters Original B&amp;W Original

Photoshop Workshop By Nate Kong Original Cropped Original Filters Original B&amp;W Original With Text Picture 1 Picture 2 Combined My Picture Multi-Layers Original Diamond Mask My Short Movie, Starring Tyler Mangini Sources

367 views • 11 slides
Page 2 NAME: Practice Exam 2 Problem 1 (4 points) Use the axioms of probability to prove that P

Page 2 NAME: Practice Exam 2 Problem 1 (4 points) Use the axioms of probability to prove that P

UNIVERSITY OF ILLINOIS AT URBANA-CHAMPAIGN Department of Electrical and Computer Engineering CS 440/ECE 448 Artificial Intelligence Spring 2020 PRACTICE EXAM 2 Actual Exam will be held on Compass, Monday, March 30, 2020 This is will be an

229 views • 21 slides
Review Final exam Final exam will be 11-12 problems, drop any 2 Cumulative up to and including

Review Final exam Final exam will be 11-12 problems, drop any 2 Cumulative up to and including

Review Final exam Final exam will be 11-12 problems, drop any 2 Cumulative up to and including week 13 (emphasis on weeks 10-13: classes &amp; pointers) 2 hours exam time, so 12 min per problem (midterm 2 had 8-ish) Review: Overview

769 views • 39 slides
1 3 D Modeling exam ple: Polygonal Mesh 3 D Effects exam ple: Texturing Original: 424,000

1 3 D Modeling exam ple: Polygonal Mesh 3 D Effects exam ple: Texturing Original: 424,000

2 D Vs. 3 D CS 4 7 3 1 Lecture 2 : 2D: 3 D I ntro to 2 D, 3 D, OpenGL and GLUT ( Part I ) Flat (x,y,z) values on screen (x,y) color values on screen Perspective: objects have distances from viewer Objects no

341 views • 6 slides

More recommend