BrianR's Trip to Rootfest 2000

Summary

Brian Ristuccia will be presenting a cross-host authentication system for intranets and large multihost web sites which allows users to authenticate securely with multiple, potentially rogue, remote sites using the same login and password. The system works with unmodified versions of almost every web browser, including Netscape Communicator, Internet Explorer, Mozilla, Lynx, and w3m. The talk also covers how malicious hyperlinks and scripts on third-party web sites and in HTML email messages, IRC, and messaging clients can be employed to abuse other already-authenticated sessions in popular browsers, and how sites can defend against these attacks.

Brian Ristuccia spoke on circumventing censorware, filtering proxies, and government firewalls at last year's RootFest. Brian has been continually involved in anti-censorship and computer security research since 1994, and has published software and instructions for disabling the integrated PICS censorware in popular web browsers. He is an undergraduate computer science student at the University of Massachusetts Lowell and an employee of Nortel Networks.

Photos

Software

Apache Configuration Stuff

# Send 401s to nph-401.cgi, which actually issues a 302 redirect to
# login.978.org
ErrorDocument 401 /nph-401.cgi

<Location / >
 AuthType Basic
 AuthName "978 Events Page"
 AuthDBUserFile /home/osiris/978/html/login/authdb/events.978.org
 require valid-user
 AuthCookieName tollhouse
</Location>

<Location /nph-401.cgi>
 Allow From All
 Satisfy Any
</Location>
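
The comment in the configuration above says nph-401.cgi answers a 401 with a 302 to login.978.org. The following is an added sketch of such a handler in Python, not the original nph-401.cgi from this page; the login URL's scheme and path, the `return` parameter name and the host allowlist are assumptions made for illustration.

```python
#!/usr/bin/env python3
"""Added sketch of an nph-style 401 handler; not the page's original script."""
import os
import sys
from urllib.parse import quote

LOGIN_URL = "https://login.978.org/"   # assumption: scheme and path are not on the page
RETURN_PARAM = "return"                # assumption: hypothetical parameter name
ALLOWED_HOSTS = {"events.978.org"}     # hosts this handler may send users back to


def build_redirect(environ):
    """Return the complete raw HTTP response (nph scripts write their own status line)."""
    host = environ.get("HTTP_HOST", "").lower()
    # Apache sets REDIRECT_URL / REDIRECT_QUERY_STRING to the original request
    # when it hands a failed request to an ErrorDocument.
    path = environ.get("REDIRECT_URL", "/")
    query = environ.get("REDIRECT_QUERY_STRING", "")

    # A forged Host header must never end up in the return address.
    if host not in ALLOWED_HOSTS:
        return ("HTTP/1.0 400 Bad Request\r\n"
                "Content-Type: text/plain\r\n\r\nBad request\n")
    # Only same-host absolute paths; "//other.host/..." would change the host.
    if not path.startswith("/") or path.startswith("//"):
        path = "/"

    scheme = "https" if environ.get("HTTPS") == "on" else "http"
    target = scheme + "://" + host + path + ("?" + query if query else "")
    # Percent-encode everything, so CR/LF in the request cannot add headers.
    location = LOGIN_URL + "?" + RETURN_PARAM + "=" + quote(target, safe="")
    return ("HTTP/1.0 302 Found\r\n"
            "Location: " + location + "\r\n"
            "Cache-Control: no-store\r\n"
            "Content-Type: text/plain\r\n\r\n"
            "Redirecting to login\n")


if __name__ == "__main__":
    sys.stdout.write(build_redirect(os.environ))
```

The login host should apply the same allowlist to the return address before sending an authenticated user back, since the parameter arrives from the browser.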