www.cs.dartmouth.edu/~pkilab/demos/spoofing/
Computer security protocols usually terminate in a computer; however, the human-based services they support usually terminate in a human. The gap between the human and the computer creates potential for security problems. This paper examines this gap as it is manifested in “secure” Web services. Felten et al. demonstrated the potential, in 1996, for malicious servers to impersonate honest servers. Our recent follow-up work explicitly shows how malicious servers can still do this, and can also forge the existence of an SSL session and the contents of the alleged server certificate. This paper reports the results of our ongoing experimental work to systematically defend against Web spoofing, by crea...
We show how an off-path (spoofing-only) attacker can perform cross-site scripting (XSS), cross-site ...
Abstract—The security and privacy of our online communications heavily rely on the entity authent...
Abstract. Phishing and Web spoofing have proliferated and become a major nuisance on the Internet. T...
The security of the vast majority of “secure” Web services rests on SSL server PKI. However, this P...
Can users believe what their browsers tell them? Even sophisticated Web users decide whether or not ...
The Web is currently the pre-eminent medium for electronic service delivery to remote users. As a co...
The communication between the Web browser and the human user is one component of the server-client c...
Web users are increasingly victims of phishing, spoofing and malware attacks. In this article, we di...
Web spoofing is a significant problem involving fraudulent email and web sites that trick unsuspecti...
Existing Web browsers handle security errors in a manner that often confuses users. In particular, w...
The SSL man-in-the-middle attack uses forged SSL certificates to intercept encrypted connections bet...
Client authentication has been a continuous source of problems on the Web. Although many well-studie...
Jackson and Barth [1], in their paper "Beware of Finer-Grained Origins" (May 2008), descri...