28 research outputs found

    Analysis of the adoption of security headers in HTTP.

    With the increase in the number of threats within Web-based systems, a more integrated approach is required to ensure the enforcement of security policies from the server to the client. These policies aim to stop man-in-the-middle attacks, code injection, and so on. This paper analyses some of the newest security options used within HTTP responses, and scans the Alexa Top 1 Million sites for their implementation within HTTP responses. The options scanned for are: Content Security Policy (CSP); Public Key Pinning Extension for HTTP (HPKP); HTTP Strict Transport Security (HSTS); and the X-Frame-Options (XFO) header field, in order to understand the impact that these options have on the most popular Web sites. The results show that, while the implementation of these headers is increasing, they are still not implemented on many of the top sites. The paper also shows the profile of adoption of Let's Encrypt digital certificates across the one million sites, along with a way of assessing the quality of the security headers.
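    The abstract describes scanning responses for these headers and assessing their quality. As an added illustration (not the paper's code or its scoring method), the Python below parses HSTS, CSP and X-Frame-Options from a response header set and produces a score with findings. The header values are constructed samples, the 10-point scoring scheme and its thresholds are assumptions for illustration, and HPKP is omitted because browsers have since dropped support for it.

```python
"""Score the security headers of an HTTP response.

Added example, not code from the paper: the scoring scheme and thresholds
are assumptions made for illustration, not the paper's quality metric.
"""
from typing import Dict, List, Tuple

# Constructed sample response headers (not captured from any real site).
SAMPLE_GOOD = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' https://cdn.example.test; object-src 'none'",
    "X-Frame-Options": "DENY",
}
SAMPLE_WEAK = {
    "Strict-Transport-Security": "max-age=300",
    "Content-Security-Policy": "default-src * 'unsafe-inline' 'unsafe-eval'",
    "X-Frame-Options": "ALLOW-FROM https://partner.example.test",
}


def _lower_keys(headers: Dict[str, str]) -> Dict[str, str]:
    # HTTP header names are case-insensitive, so normalise before lookup.
    return {k.lower(): v for k, v in headers.items()}


def parse_hsts(value: str) -> Dict[str, object]:
    """Parse the HSTS directives into max-age, includeSubDomains and preload."""
    info: Dict[str, object] = {"max_age": 0, "include_subdomains": False, "preload": False}
    for directive in value.split(";"):
        name, _, val = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            try:
                info["max_age"] = int(val.strip().strip('"'))
            except ValueError:
                info["max_age"] = 0  # malformed max-age gives no protection
        elif name == "includesubdomains":
            info["include_subdomains"] = True
        elif name == "preload":
            info["preload"] = True
    return info


def parse_csp(value: str) -> Dict[str, List[str]]:
    """Split a CSP into {directive: [source expressions]}."""
    policy: Dict[str, List[str]] = {}
    for directive in value.split(";"):
        parts = directive.strip().split()
        if parts:
            policy[parts[0].lower()] = parts[1:]
    return policy


def assess_headers(headers: Dict[str, str]) -> Tuple[int, List[str]]:
    """Return (score, findings); higher is better, maximum 10 (assumed scheme)."""
    h = _lower_keys(headers)
    score = 0
    findings: List[str] = []

    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("HSTS missing")
    else:
        info = parse_hsts(hsts)
        if int(info["max_age"]) >= 15552000:  # about 180 days (assumed threshold)
            score += 2
        else:
            findings.append(f"HSTS max-age too short ({info['max_age']}s)")
        if info["include_subdomains"]:
            score += 1
        else:
            findings.append("HSTS lacks includeSubDomains")
        if info["preload"]:
            score += 1

    csp = h.get("content-security-policy")
    if csp is None:
        findings.append("CSP missing")
    else:
        policy = parse_csp(csp)
        score += 1  # present at all
        # script-src falls back to default-src when absent, as in the CSP spec.
        scripts = policy.get("script-src", policy.get("default-src", []))
        if "'unsafe-inline'" in scripts or "'unsafe-eval'" in scripts:
            findings.append("CSP allows unsafe-inline/unsafe-eval scripts")
        else:
            score += 2
        if "*" in scripts:
            findings.append("CSP script sources include wildcard")
        else:
            score += 1

    xfo = h.get("x-frame-options")
    if xfo is None:
        findings.append("X-Frame-Options missing")
    elif xfo.strip().upper() in ("DENY", "SAMEORIGIN"):
        score += 2
    else:
        findings.append(f"X-Frame-Options value not DENY/SAMEORIGIN: {xfo}")

    return score, findings


if __name__ == "__main__":
    for label, sample in (("good", SAMPLE_GOOD), ("weak", SAMPLE_WEAK)):
        print(label, assess_headers(sample))
```

    Run against the two constructed samples, the hardened set scores 10 with no findings and the weak set scores 1 with five findings; a response with none of the headers scores 0 and reports each as missing.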

    Cryptography across industry sectors

    Security adoption varies across industry sectors: some companies, such as Google, Apple and Microsoft, are strong advocates of the adoption of HTTPS, while others, especially news sites, have weak adoption. This paper provides a sample analysis of the Top 500 Web sites within the Alexa Top 1 Million sites by industry sector, and analyses their HTTP responses, such as the cryptography methods used and the usage of Content-Security-Policy. It concludes that the adoption of security is strongest within the Computers industry sector, while it is much weaker within News and Sports. The paper also shows that the most popular cipher suite for creating a Secure Socket Layer (SSL/TLS) tunnel is Elliptic Curve Diffie–Hellman key exchange with RSA authentication (ECDHE-RSA), 256-bit AES in GCM mode for encryption of the stream and SHA-384 for hashing. It also highlights worrying signs of the usage of well-known weak cryptography methods, such as weak Diffie–Hellman parameters, RC4, MD5 and DES. With the adoption of Let's Encrypt digital certificates, the paper shows that the industry sector with most traction is Adult sites, and that adoption is much lower in more business-focused industry areas.
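    The abstract reports the negotiated cipher suite per site and flags weak primitives such as RC4, MD5 and DES. As an added illustration (not the paper's code, data or methodology), the Python below splits OpenSSL-style suite names into key exchange, authentication, bulk cipher, mode and hash, flags the weak components, and summarises a scan. The scan records are constructed samples, and the weak-primitive lists are assumptions for illustration. It also handles the DH caveat the abstract raises: a suite name does not carry the Diffie–Hellman group size, so DHE suites get a check note rather than a verdict.

```python
"""Classify TLS cipher suites by component and flag weak primitives.

Added example, not from the paper: OpenSSL-style suite names are parsed
with a small token grammar, and the weak lists are illustrative assumptions.
"""
from collections import Counter
from typing import Dict, List, Tuple

# Constructed scan sample: (site label, negotiated suite), not real data.
SAMPLE_SCAN: List[Tuple[str, str]] = [
    ("site-a", "ECDHE-RSA-AES256-GCM-SHA384"),
    ("site-b", "ECDHE-RSA-AES256-GCM-SHA384"),
    ("site-c", "ECDHE-ECDSA-CHACHA20-POLY1305"),
    ("site-d", "DHE-RSA-AES128-SHA"),
    ("site-e", "RC4-MD5"),
    ("site-f", "DES-CBC3-SHA"),
    ("site-g", "AES256-SHA256"),
]

KEX_PREFIXES = ("ECDHE", "DHE", "ECDH", "DH")
AUTH_TOKENS = ("RSA", "ECDSA", "DSS", "PSK")
HASH_TOKENS = ("MD5", "SHA", "SHA256", "SHA384")
MODE_TOKENS = {"GCM", "CCM", "CBC", "CBC3", "POLY1305"}
WEAK_CIPHERS = {"RC4", "DES", "3DES", "NULL"}  # assumed list for illustration
WEAK_MACS = {"MD5"}


def parse_suite(name: str) -> Dict[str, str]:
    """Split an OpenSSL-style suite name into kex/auth/cipher/mode/hash."""
    tokens = name.upper().split("-")
    kex = auth = "RSA"  # bare names such as AES256-SHA mean RSA key transport and RSA auth
    if tokens[0] in KEX_PREFIXES:
        kex = tokens.pop(0)
        if tokens and tokens[0] in AUTH_TOKENS:
            auth = tokens.pop(0)
    # Trailing hash: the HMAC for CBC suites, but only the PRF for AEAD suites.
    hash_ = tokens.pop() if tokens and tokens[-1] in HASH_TOKENS else "NONE"
    aead = any(t in ("GCM", "CCM", "POLY1305") for t in tokens)
    if "CBC3" in tokens:
        cipher = "3DES"  # OpenSSL spells triple DES as DES-CBC3
    else:
        cipher = "-".join(t for t in tokens if t not in MODE_TOKENS)
    if aead:
        mode = "AEAD"
    elif cipher == "RC4":
        mode = "STREAM"
    else:
        mode = "CBC"  # OpenSSL omits CBC from AES suite names
    return {"kex": kex, "auth": auth, "cipher": cipher, "mode": mode, "hash": hash_}


def assess_suite(name: str) -> Dict[str, object]:
    """Return the parsed fields plus 'weak' (broken primitives) and 'caveats'."""
    s = parse_suite(name)
    weak: List[str] = []
    caveats: List[str] = []
    if s["cipher"] in WEAK_CIPHERS:
        weak.append(f"weak cipher {s['cipher']}")
    if s["mode"] != "AEAD" and s["hash"] in WEAK_MACS:
        weak.append(f"weak MAC {s['hash']}")
    if s["kex"] == "RSA":
        caveats.append("RSA key transport: no forward secrecy")
    if s["kex"] in ("DH", "DHE"):
        # Group size is negotiated separately; a small group is weak but invisible here.
        caveats.append("DH group size not in suite name; verify it is at least 2048 bits")
    return {**s, "weak": weak, "caveats": caveats}


def summarise(scan: List[Tuple[str, str]]) -> Dict[str, object]:
    """Most common suite and the sites negotiating a suite with a weak primitive."""
    suites = Counter(suite for _, suite in scan)
    weak_sites = sorted(site for site, suite in scan if assess_suite(suite)["weak"])
    return {"total": len(scan), "most_common": suites.most_common(1)[0], "weak_sites": weak_sites}


if __name__ == "__main__":
    for site, suite in SAMPLE_SCAN:
        print(site, assess_suite(suite))
    print(summarise(SAMPLE_SCAN))
```

    On the constructed scan the most common suite is ECDHE-RSA-AES256-GCM-SHA384, matching the abstract's finding, and the two sites negotiating RC4-MD5 and DES-CBC3-SHA are the ones flagged as weak; the DHE site is not flagged, only annotated, because the group size cannot be judged from the name.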

    Carter-Ruck on libel and privacy

    Carter-Ruck on Libel and Privacy is the fully revised and renamed edition of this leading volume on the law governing publication and private interests. It offers comprehensive coverage of the substantive laws of defamation and privacy in England and Wales, details the legal practice and procedure in those areas, and gives an account of the comparable laws in over 60 other jurisdictions. Andrew Scott authored six chapters in the entirely new part on privacy law. These focus on the themes of 'privacy and publication'; 'misuse of private information: the reasonable expectation of privacy'; 'misuse of private information: the ultimate balancing test'; 'remedies for misuse of private information'; 'harassment'; and 'data protection'.

    Lesson ideas and activities for teaching decimals

    Copyright confirmation in progress. Any queries to [email protected]. Information regarding the book is available at http://staff.edfac.unimelb.edu.au/~kayecs/projects/decprojlink.htm. The Department of Science and Mathematics Education has produced this booklet to assist teachers whose students are learning to work confidently with decimal numbers. It contains many classroom activities that will motivate and engage students, making the teaching and learning of decimals both enjoyable and effective.