SigInt10: The Fine Art of Hari Kari (.JS)

May 22nd, 2010

By Dan Kaminsky (@DaKaMi)

In his talk, Dan addressed why web security is hard, but he also tried to come up with solutions.

One of the solutions explored is referrer checking. You might think you cannot use referrers because they can be spoofed. No: referrer headers have been pretty much un-spoofable. However, not each and every call to a website contains a referrer header. One of the problems is that security solutions such as Symantec Internet Security strip referrer headers.

Since we cannot rely on the server side to detect this, maybe we should trust the client, even if common lore says: “thou shall not trust the browser”.
