About:

Personal website of Emily Stark

Outgoing Links:

Matthew Green
The text discusses the evolution of the web platform and the introduction of CORS preflight requests to prevent malicious websites from sending requests to devices on the private network. It also addresses the Private Network Access p...
The blog post discusses the importance of using HTTPS for every website, even seemingly non-sensitive ones, to protect against malware and exploit delivery. It also addresses the subjectivity of what is considered 'sensitive' and ...
The author discusses the suitability of the web for implementing end-to-end encryption (E2EE) and compares it to native applications. The post explores the security models of web, mobile, and desktop platforms, highlighting the ch...
The text discusses the challenges of bringing end-to-end encryption (E2EE) to the web, particularly in isolating plaintext in an E2EE application so that it can't be accessed by application code. It also explores the idea of makin...
The author discusses her experience serving on program committees at computer security conferences, the review process, and her gripes with the system. She highlights the benefits of serving on program committees and suggests impr...
The text discusses the misconception that EV certificates protect against an attacker who can hijack a domain validation attempt to obtain a malicious DV certificate from a CA. It explains that EV certificates do not protect a web...
The text discusses the reasons behind the severe warning UX for expired certificates, including historical, security, and warning design reasons. It argues that expired certificates should be treated as insecure due to potential s...
The line of death principle, which separates trustworthy UI from untrusted content, is losing relevance in modern browsers. The concept is subtle, inconsistent, and has been eroded by expanded web and browser features. The web sec...
The text discusses the common misconception that Certificate Transparency (CT) is a replacement for HTTP public key pinning (PKP). It compares and contrasts the security models of PKP versus CT, highlighting the differences and si...
The text discusses the challenges of obtaining publicly trusted HTTPS certificates for non-public domain names or private IPs, and the various approaches that have been discussed and/or implemented to address this issue. It covers...