Abstract
This paper proposes a browser spoofing attack which can break the weakest link from the server to user, i.e., man-computer-interface, and hence defeat the whole security system of Internet transaction. In this attack, when a client is misled to an attacker's site, or an attacker hijacks a connection, a set of malicious HTML files are downloaded to the client's machine. The files are used to create a spoofed browser including a faked window with malicious event processing methods. The bogus window, having the same appearance as the original one, shows the "good" web content with "bad" activities behind such as disclosing password stealthily. Once the attack is mounted, even a scrupulous user will trust the browser that is fully controlled by the attacker. We further propose several countermeasures against the attack. © Springer-Verlag Berlin Heidelberg 2003.
Cite
CITATION STYLE
Li, T. Y., & Wu, Y. (2003). Trust on web browser: Attack vs. defense. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Springer Verlag. https://doi.org/10.1007/978-3-540-45203-4_19
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
