Problem Set 2 Q3/4

Here are a bunch of links related to Questions 3 and 4 in Problem Set 2.


  • Firesheep

    It’s extremely common for websites to protect your password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else. This leaves the cookie (and the user) vulnerable. HTTP session hijacking (sometimes called “sidejacking”) is when an attacker gets a hold of a user’s cookie, allowing them to do anything the user can do on a particular website. On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy.

  • A video demo of Firesheep.
  • Implications of Firesheep on Facebook and Twitter.

DNS Cache Poisoning:

  • Angry Bird Website Defaced

    Angry Birds developer Rovio has confirmed its website was briefly hijacked, most likely by hackers who managed to tamper with domain name system settings that ultimately control what server receives requests for a particular domain name.

  • DNS Cache Poisoning Used in Brazilian Phishing Attack

    According to Zscaler, attackers managed to force several DNS servers to resolve to an IP address under their control.

    The spoofed page hosted on the rogue web server was very well crafted and looked identical to the real one.

Finally, a report from last month shows that many DNS servers remain insecure.

  • Half the internet lacks DNS security extensions

    Just under half of the internet (47 percent) remains insecure insofar as many top level domains (TLDs) have failed to sign up to use domain name system security extensions (DNSSEC), including intensive internet using countries such as Italy (.it), Spain (.es) and South Africa (.za), leaving millions of internet users open to malicious redirect to fake websites, reports Ultra Electronics AEP.

Problem Set 2

We will discuss Problem Set 2 during the tutorial sessions of Week 4. Download the PDF version of Problem Set 2 here. Please attempt the questions before coming to class and be prepared to present your solutions. During Week 4, if time permits, you will have an opportunity to ask about and discuss any doubts that you may have from DIY Exercise 1. Please attempt the exercise before coming to class next week.