In this paper, we investigate the current state of practice about mixed-content websites, websites that are accessed using the HTTPS protocol, yet include some additional resources using HTTP. Through a large-scale experiment, we show that about half of the Internet’s most popular websites are currently using this practice and are thus vulnerable to a wide range of attacks, including the stealing of cookies and the injection of malicious JavaScript in the context of the vulnerable websites. Additionally, we investigate the default behavior of browsers on mobile devices and show that most of them, by default, allow the rendering of mixed content, which demonstrates that hundreds of thousands of mobile users are currently vulnerable to MITM attacks.
Citation
Chen, P., Nikiforakis, N., Huygens, C., & Desmet, L. (2015). A dangerous mix: Large-scale analysis of mixed-content websites. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 7807, pp. 354–363). Springer Verlag. https://doi.org/10.1007/978-3-319-27659-5_25