
AUTHOR

Karlis Podins

showing 3 related works from this author

Security Implications of Using Third-Party Resources in the World Wide Web

2018

Modern web pages have nothing in common with the static connotation of the word “page”: a page is a dynamic, unique experience created by active content and executed within the browser, assembled just-in-time from various resources hosted on many different domains. Active content increases the attack surface, naturally exposing users to many novel threats. Popular security advice has been to deploy active content blocker plugins like NoScript; unfortunately, they are not capable of effectively stopping the attacks. Content Security Policy (CSP) can be effective against these attacks, but we demonstrate how poor decisions made by website administrators or external resource hosters can render CSP in…

World Wide Web, Scripting language, Computer science, Cross-site scripting, Web page, Malware, Attack surface, Content Security Policy, Security policy, Vulnerability (computing)

2018 IEEE 6th Workshop on Advances in Information, Electronic and Electrical Engineering (AIEEE)

Privacy violations in Riga open data public transport system

2016

Over recent years, public transportation systems around the world have been migrating to digital ticketing solutions. This paper investigates security and privacy aspects of one such system, called e-talons and implemented by Riga municipality, by analysing published open data containing ride registrations.

Information privacy, Engineering, Privacy by Design, Privacy software, Internet privacy, Computer security, Encryption, Open data, Public transport, Algorithm design

2016 IEEE 4th Workshop on Advances in Information, Electronic and Electrical Engineering (AIEEE)

Low-cost active cyber defence

2014

The authors of this paper investigated relatively simple active strategies against selected popular cyber threat vectors. When cyber attacks are analysed for their severity and occurrence, many incidents are usually classified as minor, e.g. spam or phishing. We are interested in the various types of low-end cyber incidents (as opposed to high-end state-sponsored incidents and advanced persistent threats) for two reasons: • being the least complicated incidents, we expect to find simple active response The authors analysed the proposed strategies from the security economics point of view to determine why and how these strategies might be effective. We also discuss the legal aspects of th…

Computer science, Internet privacy, Computer security, Phishing, Cyber threats

2014 6th International Conference On Cyber Conflict (CyCon 2014)