Speaker Schedule

September 24th, 2008

  • Organizational meeting: Speaker sign up

October 1st, 2008

  • Speaker: Collin Jackson
  • Title: Robust Defenses for Cross-Site Request Forgery
  • Abstract: Cross-Site Request Forgery (CSRF) is a widely exploited web site
    vulnerability, but none of the three major CSRF defenses are
    satisfactory and many web sites neglect to prevent login CSRF. In a
    login CSRF attack, an attacker uses the victim's browser to forge a
    cross-site request to the honest site's login URL, supplying the
    attacker's user name and password. This forged request can disrupt the
    integrity of the session and enable theft of confidential information.

    Although the HTTP "Referer" header could be used as an effective
    general CSRF defense, our experiments indicate that the header is
    widely blocked at the network layer due to privacy concerns. Our
    experimental data shows, however, that the header can be used today as
    a reliable CSRF defense over HTTPS, which is ideal for login CSRF
    prevention. For the long term, we propose and implement the Origin
    header, which provides the security benefits of the Referer header
    while responding to privacy concerns. We also discuss defenses for
    session initialization attacks and "clickjacking."
  • Joint work with: Adam Barth and John C. Mitchell.

October 8th, 2008

  • Speaker: Peifung Eric Lam
  • Title: Introduction to OpenID and Information Cards
  • Abstract: This talk provides an introduction to the OpenID security
    protocol and the Information Card identity system. OpenID is a single
    sign-on protocol that is gaining some popularity on the Internet,
    particularly on blogging sites. Information Card is a way of
    representing identities using digital photo identity cards, and has
    gained support in certain corporations and open source communities.
    This talk will focus on the architectural components of these
    technologies.

October 15th, 2008

  • Speaker: David Freeman

October 22nd, 2008

  • Speaker: Unclaimed

October 29th, 2008

  • Speaker: Unclaimed

November 5th, 2008

  • Speaker: Shweta

November 12th, 2008

  • Speaker: Hristo

November 19th, 2008

  • Speaker: Ankur

November 26th, 2008

  • No lunch this week due to Thanksgiving break

December 3rd, 2008

  • Speaker: Mike Hamburg
