Security Theater

Coming up: Website Security, New Zealand Style

Electrical Engineering Labs Building (חשמל מעבדות), Room 146 ^{Join us virtually!}

Sunday, June 3, 2:00pm

An Embarrassingly Simple Solution to the Problem of Protecting Browser Users

Abstract: Web browsers currently do virtually nothing to proactively protect users from malicious web sites. Whether a site has a certificate or not is largely irrelevant, blacklists react too slowly to catch anything but inept phishers, and beyond these security-theatre defences there's nothing available. As a result a browser will happily take a user to an obviously-phishy fake banking site and run evidently malicious Javascript to inject a drive-by download onto their PC.

Building on four decades of experience with security design for the built environment (buildings and houses) known as crime prevention through environmental design (CPTED), this talk looks at how CPTED is applied in practice, and how similar principles could be used as part of at an embarrassingly simple risk-mitigation strategy that helps protect browser users from malicious web sites.

Speaker Bio: Peter Gutmann is a researcher in the Department of Computer Science at the University of Auckland working on design and analysis of cryptographic security architectures. He helped write the popular PGP encryption package, has authored a number of papers and RFC's on security and encryption including the X.509 Style Guide for certificates, and is the author of the open source cryptlib security toolkit. In his spare time he pokes holes in whatever security systems and mechanisms catch his attention and grumbles about PKIs and the lack of security usability.

Recorded at Shmoocon 2012, Washington DC, January 27, 2012 http://www.shmoocon.org/shmoocon_2012

• To join the Security Theater Announcement mailing list, please mail the words "subscribe theater" to Yossi Oren at y|o|s|@e|n|g|.t|a|u|.a|c|.i|l|

About the Security Theater

"Security Theater" is a weekly event where we will view a security-related video and then hold a discussion. The event is open to all security-loving students, staff, faculty members and guests of TAU.

Registration is not compulsory, but seminar attendance credits will be granted to M.Sc. and Ph.D. students who do register.

The Security Theater is organized by the TAU Computer Network and Security Lab. Refreshments are generously provided by the Check Point Institute for Information Security.

To vote on the next movie we're going to see (or suggest one of your own), please visit the Security Theater Google Moderator site.

Venue

Videotaped lectures are held every Sunday in Room 146 of the Wolfson Electrical Engineering - Lab building (חשמל מעבדות) in Tel-Aviv University, on the first floor above the the brown revolving doors (building 35 in this map).

Occasional live meetings are held in Room 011 of the Wolfson Electrical Engineering - Classroom building (חשמל כיתות) in Tel-Aviv University, on the ground floor directly to the right of the white revolving doors (building 37 in this map).

You can also watch the video and participate in the discussion remotely - click here

Past and Future Events

An archive of past events is available at the Security Theater mailing list archive.
Here are some upcoming events:

Contact