Rahil Arora

Security | Fitness | Mindfulness

A Sad Story of SSL

01 November 2015

Back when I was pursuing my Master’s, I gave a small presentation on how SSL/TLS protocol has been affected by various protocol specific attacks, how these issues have been patched, and, most importantly, what could have prevented SSL/TLS from these attacks. I tried explaining these issues in the form a “story”. Since I’ve not been able to write anything new, I thought it’d be a good idea to share this presentation here. Here is the presentation (MS office online got...

Read More

Same-Origin Policy & the Ways Around

28 June 2015

Same Origin Policy is one of the most important security concepts implemented in all modern browsers. It is a set of mechanisms which control how a script loaded from one origin can interact with a resource from another origin. Mozilla Developer Network provides a good summary of Same Origin Policy. It permits an origin to send information to another origin, but does not permit an origin to receive information from another origin. In short, it controls the interactions between...

Read More

Security is all about Context

19 April 2015

Since this is my first security related blog post (ever), I would like to write about one of the most important things that I learnt during my grad school: security is all about context. This is exactly one of those important lessons that we learn, as a student, and don’t realize their importance until we apply them to the real world problems. It has been almost 3 months since I’ve started working as a full-time Security Consultant, and I’ve already...

Read More

Hello World!

07 January 2015

Hola amigos!

This is just a cliché hello world! post. To know about me and why I’ve started this website, please visit the about section. I wanted to start my blog with a technical (security related) post, but I’ve not been able to read anything interesting, as I’m currently enjoying most of my time with my family in India. Anyways, I’ll just give a quick introduction to what you can expect from the website.

This site is an attempt...

Read More