Homework Help is Here – Start Your Trial Now!
Engineering
Computer Science
When Alice initiates communication with the website foo.com, foo.com sends Alice the site’s certificate. Which of the following statements is true about this certificate? The certificate includes foo.com’s private key, signed by the CA’s public key. The certificate includes foo.com’s public key, signed by the Alice’s private key. The certificate include’s foo.com’s public key, signed by the CA’s private key. The certificate includes foo.com’s public key, signed by foo.com’s private key.  8) Suppose the private key for http://www.goldieswebstore.com has been compromised. Suppose the webmaster reissues the certificate but does not revoke the compromised one. Describe a feasible attack that the person who compromised the private key could carry out. 6) Suppose the website https://identityprovider.utulsa.edu sets a login cookie called auth-user with domain = .utulsa.edu and path = / after a user successfully logs into the system.   Suppose that https://hacked.utulsa.edu falls under the control of the attacker. Can an attacker controlling https://hacked.utulsa.edu obtain the auth-user cookie in order to impersonate the user? If YES, explain how. If NO, explain why not. Can an attacker controlling https://hacked.utulsa.edu overwrite the auth-user cookie? Answer YES or NO. Referring to Question 5, why or why not? Here is the question 5 for referring but not need to answer for below question: For Questions 3-5, suppose the following cookies, each named cid, have been set. C1: value = a2, domain = x.y.com, path = /, non-secure C2: value = b5, domain = .y.com, path = /, secure C3: value = b8, domain = .y.com, path = /foo/, non-secure 5) Suppose an attacker has taken control of http://hackedserver.y.com. List each of the cookies C1, C2, C3 that the attacker can overwrite with value = evildoer.

When Alice initiates communication with the website foo.com, foo.com sends Alice the site’s certificate. Which of the following statements is true about this certificate? The certificate includes foo.com’s private key, signed by the CA’s public key. The certificate includes foo.com’s public key, signed by the Alice’s private key. The certificate include’s foo.com’s public key, signed by the CA’s private key. The certificate includes foo.com’s public key, signed by foo.com’s private key.  8) Suppose the private key for http://www.goldieswebstore.com has been compromised. Suppose the webmaster reissues the certificate but does not revoke the compromised one. Describe a feasible attack that the person who compromised the private key could carry out. 6) Suppose the website https://identityprovider.utulsa.edu sets a login cookie called auth-user with domain = .utulsa.edu and path = / after a user successfully logs into the system.   Suppose that https://hacked.utulsa.edu falls under the control of the attacker. Can an attacker controlling https://hacked.utulsa.edu obtain the auth-user cookie in order to impersonate the user? If YES, explain how. If NO, explain why not. Can an attacker controlling https://hacked.utulsa.edu overwrite the auth-user cookie? Answer YES or NO. Referring to Question 5, why or why not? Here is the question 5 for referring but not need to answer for below question: For Questions 3-5, suppose the following cookies, each named cid, have been set. C1: value = a2, domain = x.y.com, path = /, non-secure C2: value = b5, domain = .y.com, path = /, secure C3: value = b8, domain = .y.com, path = /foo/, non-secure 5) Suppose an attacker has taken control of http://hackedserver.y.com. List each of the cookies C1, C2, C3 that the attacker can overwrite with value = evildoer.

Database System Concepts
Database System Concepts
7th Edition
ISBN:9780078022159
Author:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Publisher:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Chapter1: Introduction
Section: Chapter Questions
Problem 1PE
See similar textbooks
icon
Related questions
Question

7) When Alice initiates communication with the website foo.com, foo.com sends Alice the site’s certificate. Which of the following statements is true about this certificate?

  1. The certificate includes foo.com’s private key, signed by the CA’s public key.
  2. The certificate includes foo.com’s public key, signed by the Alice’s private key.
  3. The certificate include’s foo.com’s public key, signed by the CA’s private key.
  4. The certificate includes foo.com’s public key, signed by foo.com’s private key. 

8) Suppose the private key for http://www.goldieswebstore.com has been compromised.

Suppose the webmaster reissues the certificate but does not revoke the compromised one. Describe a feasible attack that the person who compromised the private key could carry out.

6) Suppose the website https://identityprovider.utulsa.edu sets a login cookie called auth-user with domain = .utulsa.edu and path = / after a user successfully logs into the system.

 

  1. Suppose that https://hacked.utulsa.edu falls under the control of the attacker. Can an attacker controlling https://hacked.utulsa.edu obtain the auth-user cookie in order to impersonate the user? If YES, explain how. If NO, explain why not.
  2. Can an attacker controlling https://hacked.utulsa.edu overwrite the auth-user cookie? Answer YES or NO. Referring to Question 5, why or why not?

Here is the question 5 for referring but not need to answer for below question:

For Questions 3-5, suppose the following cookies, each named cid, have been set.

C1: value = a2, domain = x.y.com, path = /, non-secure

C2: value = b5, domain = .y.com, path = /, secure

C3: value = b8, domain = .y.com, path = /foo/, non-secure

5) Suppose an attacker has taken control of http://hackedserver.y.com. List each of the cookies C1, C2, C3 that the attacker can overwrite with value = evildoer.

Expert Solution
Step 1

  1. The certificate includes foo.com’s public key, signed by the CA’s private key.

  2. If the webmaster reissues the certificate but does not revoke the compromised one, the attacker who compromised the private key could carry out a man-in-the-middle (MITM) attack. The attacker could intercept and read any data exchanged between the server and clients, including sensitive information such as passwords, credit card numbers, and personal data. The attacker could also impersonate the server and send fake responses to clients.

trending now

Trending now

This is a popular solution!

steps

Step by step

Solved in 2 steps

SEE SOLUTIONCheck out a sample Q&A here
Blurred answer
Knowledge Booster
Network Protection Strategies
Learn more about
Need a deep-dive on the concept behind this application? Look no further. Learn more about this topic, computer-science and related others by exploring similar questions and additional content below.
Similar questions
  • SEE MORE QUESTIONS
Recommended textbooks for you
Database System Concepts
Database System Concepts
Computer Science
ISBN:
9780078022159
Author:
Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Publisher:
McGraw-Hill Education
Starting Out with Python (4th Edition)
Starting Out with Python (4th Edition)
Computer Science
ISBN:
9780134444321
Author:
Tony Gaddis
Publisher:
PEARSON
Digital Fundamentals (11th Edition)
Digital Fundamentals (11th Edition)
Computer Science
ISBN:
9780132737968
Author:
Thomas L. Floyd
Publisher:
PEARSON
C How to Program (8th Edition)
C How to Program (8th Edition)
Computer Science
ISBN:
9780133976892
Author:
Paul J. Deitel, Harvey Deitel
Publisher:
PEARSON
Database Systems: Design, Implementation, & Manag…
Database Systems: Design, Implementation, & Manag…
Computer Science
ISBN:
9781337627900
Author:
Carlos Coronel, Steven Morris
Publisher:
Cengage Learning
Programmable Logic Controllers
Programmable Logic Controllers
Computer Science
ISBN:
9780073373843
Author:
Frank D. Petruzella
Publisher:
McGraw-Hill Education
SEE MORE TEXTBOOKS