Outline for November 10, 2003

Reading: Chapters 14.6, 15.2

Discussion Problem

A web site has a form that asks for your mailing address, and sends some information to the address you give it. Recently, an attacker was able to download the web server's logs, containing the user names, IP addresses, and file names that other users accessed. The attacker is known only to have accessed the form on the web page.

  1. How do you think the attacker read the log files?
  2. The site fixed that particular bug, but has since become nervous about people using the site to launch denial-of-service attacks on others. Could you use the web form to do this? If so, what could the site do to prevent this?

Outline for the Day

  1. Identity (cont'd)
    1. Anonymous remailers: pseudonymous, type 1 (cypherpunk) and type 2 (mixmaster)
  2. Access Control Lists
    1. UNIX method
