
    Postcards from the post-HTTP world: Amplification of HTTPS vulnerabilities in the web ecosystem

    HTTPS aims at securing communication over the Web by providing a cryptographic protection layer that ensures the confidentiality and integrity of communication and enables client/server authentication. However, HTTPS is based on the SSL/TLS protocol suites, which have been shown to be vulnerable to various attacks over the years. This has required fixes and mitigations both in servers and in browsers, producing a complicated mixture of protocol versions and implementations in the wild, which makes it unclear which attacks are still effective on the modern Web and what their impact is on web application security. In this paper, we present the first systematic quantitative evaluation of web application insecurity due to cryptographic vulnerabilities. We specify attack conditions against TLS using attack trees and we crawl the Alexa Top 10k to assess the impact of these issues on page integrity, authentication credentials and web tracking. Our results show that the security of a considerable number of websites is severely harmed by cryptographic weaknesses that, in many cases, are due to external or related-domain hosts. This empirically, yet systematically, demonstrates how a relatively limited number of exploitable HTTPS vulnerabilities are amplified by the complexity of the web ecosystem.

    WPSE: Fortifying Web Protocols via Browser-Side Security Monitoring

    We present WPSE, a browser-side security monitor for web protocols designed to ensure compliance with the intended protocol flow, as well as confidentiality and integrity properties of messages. We formally prove that WPSE is expressive enough to protect web applications from a wide range of protocol implementation bugs and web attacks. We discuss concrete examples of attacks which can be prevented by WPSE on OAuth 2.0 and SAML 2.0, including a novel attack on the Google implementation of SAML 2.0 which we discovered by formalizing the protocol specification in WPSE. Moreover, we use WPSE to carry out an extensive experimental evaluation of OAuth 2.0 in the wild. Out of 90 tested websites, we identify security flaws in 55 websites (61.1%), including new critical vulnerabilities introduced by tracking libraries such as Facebook Pixel, all of which are fixable by WPSE. Finally, we show that WPSE works flawlessly on 83 websites (92.2%), with the 7 compatibility issues being caused by custom implementations deviating from the OAuth 2.0 specification, one of which introduces a critical vulnerability.

    The nutritional carrying capacity of four Mediterranean habitats for fallow deer (Dama dama)

    An assessment of the nutritional value of the foods most consumed by fallow deer in a Mediterranean coastal landscape (Rubus ulmifolius, Cistus salvifolius, Phyllirea latifolia, Quercus ilex and graminoids) was carried out, based on in vitro digestibility trials conducted throughout the year (one set of samples per season) using rumen inocula from wild fallow deer of the Castelporziano Reserve, collected at the same time as the plant samples. In addition, in vivo digestibility coefficients were estimated using standard fallow deer feeds of known in vivo digestibility. These digestibility coefficients made it possible to calculate the metabolizable energy yield of the food items. Information on plant biomass, fallow deer population structure, metabolizable energy yields, estimated food intake and energy requirements was combined, using the model of Hobbs & Swift (1985), to estimate the nutritional carrying capacity of four typical Mediterranean habitats (natural evergreen oak woodland, maquis, mixed Quercus ilex and Pinus pinea plantations, pastures). The most favourable conditions occur in spring, whereas in summer, autumn and winter the carrying capacities are only 15-20 fallow deer/100 ha. Mixed Pinus pinea and Quercus ilex plantations would offer the most productive conditions for fallow deer.

    A case of insect colonization before the death

    Forensic entomology is a branch of forensic science in which insects are used as evidence in legal investigations relating to humans, domestic animals and wildlife. One of the theoretical pillars on which the discipline is based is the fact that flies colonize a body after death. However, in cases of myiasis, maggots are present before death, with consequences for the correct estimation of the minimum postmortem interval (mPMI). We report here the case of a woman, largely colonized by fly larvae, who had lain alive in her garden for four days prior to being rescued. Larvae were found on the conjunctivae, in the bronchi, the rectum and the vagina. The woman's death, two months later, was caused by tetanus. The consequences of myiasis for mPMI estimation are discussed here. In fact, although she was still alive, the larvae indicated an estimated age of 1.5–2.5 days, based on environmental and body temperature.

    Neutron emission in Ni-H systems

    In this paper evidence is reported for neutron emission during energy production in Ni-H systems at about 700 kelvin. Neutrons were detected directly by He3 counters and indirectly by gold activation.