
Archive: May 2002 ml@sikurezza.org
Subject: BoF session on Web user authentication at USENIX (fwd)
From: Igor Falcomata'
Date: 2 May 2002 12:01:16 -0000
I would ask you, when you forward something, to replace the address in
the form tizio@indirizzo.com with the form tizio dot indirizzo.com or
tizio<at>indirizzo.com, or to instruct your mailer (in the reply string)
to do so. There are a lot of spambots around that draw on these
addresses like bears on honey.
thnx
Koba (moderator)
--- Enclosed, please find the posted message.
Date: Tue, 30 Apr 2002 11:24:32 +0200 (MET DST)
From: Giorgio Zoppi <zoppi<at>cli.di.unipi.it>
To: ml<at>sikurezza.org
Subject: BoF session on Web user authentication at USENIX (fwd)
For those who are planning "let's do it the weird way" Web authentication.....
---------- Forwarded message ----------
Date: Mon, 29 Apr 2002 17:06:43 -0400
From: Kevin Fu <fubob<at>MIT.EDU>
To: webappsec<at>securityfocus.com
Subject: BoF session on Web user authentication at USENIX
Hi there,
[Here's some follow-up to a paper on Web user authentication. I
thought you might be interested.]
Last year's "Dos and Don'ts of Client Authentication of the Web" paper
<http://pdos.lcs.mit.edu/cookies/> discussed breaks of several flawed
Web user authentication schemes and offered advice on improving user
authentication.
Recognizing that there is rarely any in-person communication between
developers of Web authentication systems, we invite you to attend a
Birds-of-a-Feather (BoF) session at the USENIX Annual Technical
Conference in Monterey, CA on June 13.
The Web user authentication BoF will be an informal gathering to share
lessons learned and to help tear down technical, social, and political
roadblocks to better authentication. We hope to discuss best
practices to reduce the number of cryptographically insecure schemes
re-invented by countless Web sites.
Interested parties may include those who:
* Recently implemented a homebrew cookie authentication scheme
* Needlessly re-invented an insecure cookie authentication scheme
* Cannot require users to have secure physical tokens, browser
plugins, or SSL client certificates without losing Web site patrons
* Are financial institutions offering online account access
* Rely on co-located Web servers to authenticate users
* Sell access-controlled Web content
* Personalize content
* Cope with multiple interacting (incompatible?) security systems for
user authentication
* Care about privacy of personalized Web services
* Have other gripes about user authentication on the Web
Who: The MIT Cookie Eaters <http://pdos.lcs.mit.edu/cookies/> and you
What: Improving the security of user authentication on the Web
Why: To discuss methods and best practices to improve the security of
user authentication, especially with respect to cookie
authenticators and session IDs.
Where: USENIX Annual Technical Conference
<http://www.usenix.org/events/usenix02/>;
Doubletree Hotel, Bonsai 2 Room; Monterey, CA
When: Thursday, June 13, 2002 6-7pm
Feel free to redistribute this email in any forum you feel is
appropriate.
--------
Kevin E. Fu (fubob<at>mit.edu)
----- End forwarded message -----
________________________________________________________
http://www.sikurezza.org - Italian Security Mailing List