Sciweavers

ACNS
2003
Springer

Trust on Web Browser: Attack vs. Defense

14 years 4 months ago
Trust on Web Browser: Attack vs. Defense
This paper proposes a browser spoofing attack which can break the weakest link from the server to user, i.e., man-computerinterface, and hence defeat the whole security system of Internet transaction. In this attack, when a client is misled to an attacker’s site, or an attacker hijacks a connection, a set of malicious HTML files are downloaded to the client’s machine. The files are used to create a spoofed browser including a faked window with malicious event processing methods. The bogus window, having the same appearance as the original one, shows the “good” web content with “bad” activities behind such as disclosing password stealthily. Once the attack is mounted, even a scrupulous user will trust the browser that is fully controlled by the attacker. We further propose several countermeasures against the attack.
Tieyan Li, Yongdong Wu
Added 06 Jul 2010
Updated 06 Jul 2010
Type Conference
Year 2003
Where ACNS
Authors Tieyan Li, Yongdong Wu
Comments (0)