CS338 Computer Security
Wednesday, 1 November 2023

+ ARP poisoning
    - Sorry about confusing questions near the end of the assignment
    - Making sense of the Wireshark observations
    - Thinking in terms of sequence of events and interaction diagrams
    - My many follow-up questions

+ Try these
    - How can a server use cookies to keep you logged in?
        - Case 1: no info stored server-side between client requests
        - Case 2: info can be stored in a server-side DB
    - How can organizations use cookies to track your activity on a diverse set of websites?
        - which organizations/entities are involved?
        - who has what data?
        - when you're on a website, what data does its JS code have access to?

+ OWASP Top 10

+ Next up
    - short lab on cross-site scripting
    - Ken Thompson's "Reflections on Trusting Trust"
    - next week: a realistic attack on a badly coded website