event

Cybersecurity Lecture Series with Nick Nikiforakis

Primary tabs

"Security and Privacy Issues of Modern Web Browsers"
 

The modern web, as users experience it, bears little resemblance to the original world wide web invented by Tim Berners-Lee. Static, stateless, HTML pages with text and the occasional pixelated images gave way to dynamic, stateful, TLS-protected Web 2.0 pages where the expressiveness of JavaScript and the ever expansion of HTML5 APIs enable users to spend the vast majority of their time within a browser, with little need for traditional installed applications. As we keep on adding new features to modern browsers we are also invariably increasing their attack surface.

In this talk, we are going to present three recent results of our group on the security and privacy of modern web browsers. On the security front, we will discuss the idiosyncrasies of mobile web browsers and show that they are vulnerable to attacks that were never an issue on traditional desktop platforms. We will present the results of analyzing over 2,000 versions of mobile browsers, spanning five years and 128 browser families, and show that mobile browsers are becoming more vulnerable to certain classes of attacks with each passing year. On the privacy front, we focus on the extension systems of modern browsers and show that browser extensions can be abused to fingerprint users against their will and identify their socioeconomic status and political inclinations. Finally, we will present our analysis of PII-leaking extensions, where we find that popular browser extensions, whether on purpose or by accident, leak a user's browsing-history to multiple third-party servers.

Register to attend

 

Nick Nikiforakis, Ph.D., is an assistant professor in the Department of Computer Science at Stony Brook University. He is the director of the PragSec lab where students conduct research in all aspects of pragmatic security and privacy including web tracking, mobile security, DNS abuse, social engineering, and cyber crime. He has authored more than 50 academic papers and his work often finds its way to the popular press including TheRegister, SlashDot, BBC, and Wired. For his work, he received an Honorable Mention Award from PETS 2016 and a Distinguished Paper Award from NDSS 2017. His research is supported by the National Science Foundation and the Office of Naval Research and he regularly serves in the Program Committees of all top-tier security conferences.

 

Organized by the Institute for Information Security & Privacy, the free and open-to-the-public Cybersecurity Lecture Series meets throughout the fall each Friday at Noon on the Georgia Tech campus, August – December. Invited speakers include executives and researchers from Fortune 500 companies, federal intelligence agencies, start-ups and incubators, as well as Georgia Tech faculty and students presenting their research.

Receive future schedule updates

Status

  • Workflow Status:Published
  • Created By:Tara La Bouff
  • Created:08/28/2017
  • Modified By:Tara La Bouff
  • Modified:08/28/2017

Keywords