We investigate current deployment practices for virtual host-ing, a widely used method for serving multiple HTTP and HTTPS origins from the same server, in popular content delivery networks, cloud-hosting infrastructures, and web servers. Our study uncovers a new class of HTTPS origin confusion attacks: when two virtual hosts use the same TLS certificate, or share a TLS session cache or ticket encryption key, a network attacker may cause a page from one of them to be loaded under the other’s origin in a client browser. These attacks appear when HTTPS servers are configured to allow virtual host fallback from a client-requested, se-cure origin to some other unexpected, less-secure origin. We present evidence that such vulnerable virtual host...
We describe a new attack against web authentication, which we call dynamic pharming. Dynamic pharmin...
Hypertext Transfer Protocol Secure (HTTPS) is a Hypertext Transfer Protocol (HTTP) extension that in...
The increasing popularity of the World Wide Web has made more and more individuals and companies to...
In recent years, the web has switched from using the unencrypted HTTP protocol to using encrypted co...
The modern use of communication, the information they contain and their protection at all stages (cr...
HTTPS aims at securing communication over the Web by providing a cryptographic protection layer that...
none4The HTTPS protocol is commonly adopted to secure connections to websites, both to guarantee the...
Protecting communication content at scale is a difficult task, and TLS is the protocol most commonly...
Abstract—HTTPS is designed to protect a connection against eavesdropping and man-in-the-middle attac...
The increasing popularity of the World Wide Web has made more and more individuals and companies to ...
Abstract. Revelations of large scale electronic surveillance and data mining by governments and corp...
The features of the HyperText Transfer Protocol Secure Protocol (HTTPS) and the problems that can be...
Abstract. Revelations of large scale electronic surveillance and data mining by governments and corp...
Most modern web browsers today sacrifice optimal TLS security for backward compatibility. They apply...
TLS is a commonly used protocol that provides a secure communication channel through the use of encr...
We describe a new attack against web authentication, which we call dynamic pharming. Dynamic pharmin...
Hypertext Transfer Protocol Secure (HTTPS) is a Hypertext Transfer Protocol (HTTP) extension that in...
The increasing popularity of the World Wide Web has made more and more individuals and companies to...
In recent years, the web has switched from using the unencrypted HTTP protocol to using encrypted co...
The modern use of communication, the information they contain and their protection at all stages (cr...
HTTPS aims at securing communication over the Web by providing a cryptographic protection layer that...
none4The HTTPS protocol is commonly adopted to secure connections to websites, both to guarantee the...
Protecting communication content at scale is a difficult task, and TLS is the protocol most commonly...
Abstract—HTTPS is designed to protect a connection against eavesdropping and man-in-the-middle attac...
The increasing popularity of the World Wide Web has made more and more individuals and companies to ...
Abstract. Revelations of large scale electronic surveillance and data mining by governments and corp...
The features of the HyperText Transfer Protocol Secure Protocol (HTTPS) and the problems that can be...
Abstract. Revelations of large scale electronic surveillance and data mining by governments and corp...
Most modern web browsers today sacrifice optimal TLS security for backward compatibility. They apply...
TLS is a commonly used protocol that provides a secure communication channel through the use of encr...
We describe a new attack against web authentication, which we call dynamic pharming. Dynamic pharmin...
Hypertext Transfer Protocol Secure (HTTPS) is a Hypertext Transfer Protocol (HTTP) extension that in...
The increasing popularity of the World Wide Web has made more and more individuals and companies to...