I work on socio-technical security and privacy: how technology acts as an amplifier to make security and privacy more difficult and interesting. My interests are both in exploiting Internet technologies and also fixing them. I've worked on things like Do Not Track, Anti-Phishing measures, junk email, and web application security. My current focus is trying to figure out how to match up consumer expectation with behaviors of the online marketplace.
What is Cross-Site Scripting? Why does it exist? Why is it still a problem? This talk explains this class of security problems on the web and explores a technology called Content Security Policy that can help prevent them. But it's not a panacea, and this talk also explores why CSP is not sufficient.
This talk recounts some stories of security problems in Mozilla's past and examines the current state of security and privacy in Firefox. It also describes the future of the Web browser, covering Mozilla's plans for upcoming releases and examining some questions in Web security and privacy that don't yet have answers.
The browser as a protector: securing your private data, web sites, your platform and third-party features. This talk discusses what we do in Firefox to help ensure users' security, and some efforts we're making at Mozilla to add to the security and privacy of the web.
The state of the art in Phishing and Pharming (online identity fraud), why current countermeasures fail, the human factor, and the future of phishing and pharming.
Web Application abuses, especially to compromise routers and screw with DNS.
Discussion of my recent phishing work.
Private polling using playing cards and other secure protocol visualizations.
How do new developments in Java 1.5 affect Advanced Placement CS Curriculum?
How do you keep students interested? Based on my Mixed Nuts paper.