3 Serious Flaws in

Anonymity Protocol with Identity Escrow and Analysis in the Applied n-Calculus

Anonymity with identity escrow attempts to allow users of a service to remain anonymous, while providing the possibility that the service owner can break the anonymity in exceptional circumstances, such as to assist in a criminal investigation. A protocol for achieving anonymity with identity escrow has been presented by Marshall and Molina-Jiminez. In this paper, we show that protocol suffers ...

Intercepting Mobile Communications: The Insecurity of 802.11 —DRAFT—

The 802.11 standard for wireless networks includes a Wired Equivalent Privacy (WEP) protocol, used to protect link-layer communications from eavesdropping and other attacks. We have discovered several serious security flaws in the protocol, stemming from misapplication of cryptographic primitives. The flaws lead to a number of practical attacks that demonstrate that WEP fails to achieve its sec...

Users' guide to detecting misleading claims in research: misleading claims may be symptom of even more serious flaws.

The Fall of a Tiny Star

This short paper gives a combined technical-historical account of the fate of the world’s most-used contactless smart card, the MIFARE Classic. The account concentrates on the years 2008 and 2009 when serious security flaws in the MIFARE Classic were unveiled. The story covers, besides the relevant technicalities, the risks of proprietary security mechanisms, the rights and morals wrt. publishi...

Protection of Web Applications from Cross-Site Scripting Attacks in Browser Side

Cross Site Scripting (XSS) Flaws are currently the most popular security problems in modern web applications. These Flaws make use of vulnerabilities in the code of web-applications, resulting in serious consequences, such as theft of cookies, passwords and other personal credentials.Cross-Site scripting Flaws occur when accessing information in intermediate trusted sites. Client side solution ...