New Vulnerabilities from next World Wide Web
Kudo AT chroot.org

Outline
• What is next WWW?
  • From history stories
  • What’s the problem of current WWW
  • Introduce to next WWW
• New vulnerabilities
• Demo
• Conclusion

From history stories
• The birth of WWW
  • In 1980
  • By Berners-Lee
  • Solved the problem of publishing data across different file types.
  • Made sharing easier.

From history stories
• Hypertext
• HTML
• URI

From history stories
• Web 2.0
  • Users can participate in web publication.
• Decentralization
  • Blog
  • Wiki
  • Community

What’s the problem of current WWW
• Data sharing is not easy, especially uploading

What’s the problem of current WWW
• Why not use FTP or P2P applications for uploading?
• YES! But it is not intuitive
  • It has nothing to do with WWW
  • You have to open another window or install other programs.
  • What you see is lots of filenames, not a good, human-friendly view

What’s the problem of current WWW
• Flickr Uploadr – 3rd-party application
• Traditional FTP clients only have a filename view.

What’s the problem of current WWW
• In Web 2.0, it is also centralized.
• Data is stored on central servers.
  • Users can participate, but they do not really own the data.
  • The long TOS.
  • The cases of wretch.cc
    • Personal secrets

What’s the problem of current WWW
• On the other hand, service providers will eventually give in to hardware and power costs
• Since more and more people will surf the Internet.
• How to save or distribute the cost?

What’s the problem of current WWW
• Could we get some ideas from our history!?
• YES!

From: http://www.pro-classic.com/ethnicgv/cmaps/others/ldf06.htm
From: http://www.wikilib.com/wiki?title=Image:Qinmap.png&variant=zh-tw
From: http://www.wikilib.com/wiki?title=Image:Sanguo.jpg&variant=zh-hk

What’s the problem of current WWW
• Workstation

What’s the problem of current WWW
• PC World

What’s the problem of current WWW
• Web 2.0 Model

What’s the problem of current WWW
• P2P !!

Introduce to next WWW
• Inherit Windows UI/behavior into the WWW
• Make local and Web feel identical to users.
  • Different file views
  • Mouse drag
• More powerful browser
• Or userland HTTP server

Introduce to next WWW
• Web + P2P
  • Share duplicated data
  • Act as a relay for other people when they are offline
• Applications
  • Photos
  • Video/Audio
  • E-mail attachments

Introduce to next WWW
• Possible bottlenecks
  • Bandwidth
  • SPAM / SEX
  • Copyright
  • Security

New Vulnerabilities
• Inherit Windows UI/behavior into the WWW
• In traditional/general Web programming, we cannot access local file system data (except through an upload form)
  • HTML
  • JavaScript
  • AJAX

New Vulnerabilities
• We need a more powerful browser
  • Can access local file system data
  • File operations are transformed into upload forms
    • It’s traditional CGI security.
  • A more powerful client-side script than JavaScript
    • Malicious script
    • Gain your administrator privileges
    • Copy malicious executables to your computer

New Vulnerabilities
• Web + P2P
  • You might store relayed data from other people on your computer
  • You can extract this data
    • A protected place on your computer that you cannot access
    • Encryption

New Vulnerabilities
• What can we do?
• Secure development
• Malicious script detection

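One way to apply the "traditional CGI security" point to a userland HTTP server that maps URLs onto the local file system, as an added example that is not from the original slides or from NUWeb: every request path is resolved and confined to the shared folder before any file is opened. The names resolve_shared_path and PathRejected, and the folder layout and request strings in demo(), are constructed for illustration.

```python
import os
import tempfile
from urllib.parse import unquote


class PathRejected(Exception):
    """The request path must not be served."""


def resolve_shared_path(share_root, url_path):
    """Map a URL path to a regular file inside share_root, or raise PathRejected."""
    root = os.path.realpath(share_root)
    decoded = unquote(url_path.split("?", 1)[0])  # drop query string, decode once
    if "\x00" in decoded:
        raise PathRejected("NUL byte in path")
    # Treat "\" as a separator too, so Windows-style "..\" is caught on any OS.
    relative = decoded.replace("\\", "/").lstrip("/")
    candidate = os.path.realpath(os.path.join(root, relative))  # resolves ".." and symlinks
    try:
        inside = os.path.commonpath([root, candidate]) == root
    except ValueError:  # e.g. paths on different Windows drives
        inside = False
    if not inside:
        raise PathRejected("path escapes the shared folder")
    if not os.path.isfile(candidate):
        raise PathRejected("not a regular file")
    return candidate


def demo():
    results = {}  # constructed folder layout and constructed requests below
    with tempfile.TemporaryDirectory() as base:
        shared = os.path.join(base, "shared")
        os.mkdir(shared)
        open(os.path.join(shared, "photo.jpg"), "w").close()
        open(os.path.join(base, "private.txt"), "w").close()
        os.symlink(os.path.join(base, "private.txt"), os.path.join(shared, "link"))
        for path in ("/photo.jpg?size=s", "/../private.txt", "/%2e%2e/private.txt",
                     "/..%5cprivate.txt", "/link", "/"):
            try:
                resolve_shared_path(shared, path)
                results[path] = "served"
            except PathRejected as exc:
                results[path] = "rejected: " + str(exc)
    return results


if __name__ == "__main__":
    print("\n".join(f"{p:24} {o}" for p, o in demo().items()))
```

The check and the later open() are separate steps, so a server using such a helper should open the returned path immediately and keep the shared folder writable only by its owner.
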
Demo
• NUWeb
• Integrate WWW with local file system
• Userland HTTP server
• Userland mplayer
• Userland Web application
  • PHP script
  • …
• …

Demo
Demo
Demo
• Allpeers
• Parakey

Conclusion
• After Web 2.0, there must be something
• We provide some ideas and forecast some potential security issues
• Sorry that we have no more appropriate demonstrations, since the time has not come yet

Thanks
Q&A Time