Brian Ristuccia will be presenting a cross-host authentication system for intranets and large multihost web sites that allows users to authenticate securely with multiple potentially rogue remote sites using the same login and password. The system works with unmodified versions of almost every web browser, including Netscape Communicator, Internet Explorer, Mozilla, Lynx, and w3m. The talk will also discuss how malicious hyperlinks and scripts on third-party web sites, in HTML email messages, on IRC, and in messaging clients can be employed to abuse other already authenticated sessions in popular browsers, and how sites can defend against these attacks.
Brian Ristuccia spoke on circumventing censorware, filtering proxies, and government firewalls at last year's RootFest. Brian has been continually involved in anti-censorship and computer security research since 1994, and has published software and instructions for disabling the integrated PICS censorware in popular web browsers. He is an undergraduate computer science student at the University of Massachusetts Lowell and an employee of Nortel Networks.
    # Redirect 401's to the nph-401, which will actually do a 302 ->
    # login.978.org
    ErrorDocument 401 /nph-401.cgi

    <Location / >
        AuthType Basic
        AuthName "978 Events Page"
        AuthDBUserFile /home/osiris/978/html/login/authdb/events.978.org
        require valid-user
        AuthCookieName tollhouse
    </Location>

    <Location /nph-401.cgi>
        Allow From All
        Satisfy Any
    </Location>
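As an added illustration (not code from the talk or from 978.org), the sketch below shows what a handler in the role of nph-401.cgi could look like: it writes the whole HTTP response itself and turns the 401 into a 302 to the login host, carrying the originally requested URL. The `/login` path, the `return` parameter and the fixed `SITE_ORIGIN` are assumptions; `REDIRECT_URL` and `REDIRECT_QUERY_STRING` are the variables Apache passes to ErrorDocument handlers.

```python
#!/usr/bin/env python3
"""Sketch of an nph-style 401 handler that answers with a 302 to the login host.

Assumptions (not from the original page): the "/login" path, the "return"
query parameter and the SITE_ORIGIN value are hypothetical.
"""
import os
import sys
from urllib.parse import quote, urlencode

LOGIN_URL = "http://login.978.org/login"  # host is from the page; path is assumed
SITE_ORIGIN = "http://events.978.org"     # assumed; fixed, never taken from Host:


def original_path(environ):
    """Rebuild the path the browser asked for from Apache's REDIRECT_* variables."""
    path = environ.get("REDIRECT_URL", "/")
    query = environ.get("REDIRECT_QUERY_STRING", "")
    # Accept only same-site absolute paths; "//host/..." is scheme-relative.
    if not path.startswith("/") or path.startswith("//"):
        path = "/"
    # REDIRECT_URL arrives percent-decoded, so re-encode it: CR/LF and spaces
    # must never survive into a URL that later ends up in a Location header.
    target = quote(path, safe="/")
    # Keep the raw query string only if it holds no whitespace or control bytes.
    if query and not any(c.isspace() or ord(c) < 0x20 for c in query):
        target += "?" + query
    return target


def build_response(environ):
    """Return the complete raw response; an nph script gets no help from Apache."""
    return_to = SITE_ORIGIN + original_path(environ)
    location = LOGIN_URL + "?" + urlencode({"return": return_to})
    body = "Authentication required; redirecting to the login server.\n"
    head = [
        "HTTP/1.0 302 Found",  # status line is written by the script itself
        "Location: " + location,
        "Cache-Control: no-store",
        "Content-Type: text/plain",
        "Content-Length: %d" % len(body),
    ]
    return "\r\n".join(head) + "\r\n\r\n" + body


if __name__ == "__main__":
    sys.stdout.write(build_response(os.environ))
```

The return URL is built from a configured origin rather than the client-supplied Host header, so a forged Host value cannot steer where the login server sends the user back.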