Eikonal Blog


List of historic physics papers available on the web



More papers at http://dieumsnh.qfb.umich.mx/archivoshistoricosMQ/:

Web-Cookies Security

Best practices

  • For the most secure result, the standard session management cookie should be a “session” cookie that expires as soon as the Web browser is closed. Furthermore, the server should enforce a fairly short maximum lifetime on sessions even if the browser remains open. (source: [2])
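
A minimal server-side sketch of the practice above, added here as an illustration and not taken from the cited source: the cookie carries no Expires or Max-Age attribute, and the server applies its own absolute lifetime cap. The `SessionStore` class, the cookie name `sid` and the 30-minute value are assumptions made for the example.

```python
import secrets
import time

MAX_LIFETIME = 30 * 60  # assumed cap in seconds; the text only says "fairly short"


class SessionStore:
    """In-memory server-side session table keyed by a random session id."""

    def __init__(self, max_lifetime=MAX_LIFETIME, clock=time.time):
        self.max_lifetime = max_lifetime
        self.clock = clock          # injectable so expiry can be tested
        self._sessions = {}         # sid -> (user, created_at)

    def create(self, user):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = (user, self.clock())
        return sid

    def set_cookie_header(self, sid):
        # No Expires / Max-Age: the browser treats this as a session cookie
        # and discards it when it is closed.
        # Secure and HttpOnly are extra hardening not discussed in the text.
        return f"Set-Cookie: sid={sid}; Path=/; Secure; HttpOnly"

    def lookup(self, sid):
        """Return the user for a live session, or None if unknown or expired."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        user, created_at = entry
        if self.clock() - created_at >= self.max_lifetime:
            # Enforced on the server, so a browser left open (or a copied
            # cookie value) cannot outlive the cap.
            del self._sessions[sid]
            return None
        return user
```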

Session tracking mechanisms


  • Evercookies – http://samy.pl/evercookie/
      The following mechanisms can be used to store session (cookie-like) information:

      • Standard HTTP Cookies
      • Local Shared Objects (Flash Cookies)
      • Silverlight Isolated Storage
      • Storing cookies in RGB values of auto-generated, force-cached PNGs using HTML5 Canvas tag to read pixels (cookies) back out
      • Storing cookies in Web History
      • Storing cookies in HTTP ETags
      • Storing cookies in Web cache
      • window.name caching
      • Internet Explorer userData storage
      • HTML5 Session Storage
      • HTML5 Local Storage
      • HTML5 Global Storage
      • HTML5 Database Storage via SQLite
      • Caching in HTTP Authentication
      • Using Java to produce a unique key based off of NIC info

  • Google search – http://www.google.com/search?q=evercookie

Testing security of web services (Web services security testing)

Problem with importing the client-side SSL certificate into Firefox

Filed under: infosec, it — sandokan65 @ 11:47

Browser version: Firefox 3.6.12 with numerous add-ons.

Take One: Miserable Failure

Open: Tools > Options > Advanced > Encryption (tab)

Open: View Certificates > Your Certificates

You should be on the “Your Certificates” tab.

Press the “Import” button. Browse to the directory where the certificate file is located and choose it.

The following error message appears:

Take Two: Solution

A suggestion from a web discussion forum (https://bugs.launchpad.net/ubuntu/+source/firefox-3.0/+bug/198841) said that the “Torbutton” extension may be the culprit.

First disable Torbutton. Open Tools > Add-ons > Extensions.

Browse down to the Torbutton item and choose “Disable”.

Restart Firefox.

When it comes back, attempt to load the certificate. This time it succeeds, prompting you for the certificate’s password:

Enter the password and press the OK button.

The confirmation message is displayed:

And then the certificate is listed in the local certificate store:

One can look at the details of that certificate:

Related local content: Installing SSL certificates – https://eikonal.wordpress.com/2010/12/01/installing-ssl-certificates/.
