Java security
Securing Java: getting down to business with mobile code
Professional Javascript
Core Java 2: Volume I Fundamentals
ACM Transactions on Information and System Security (TISSEC)
Security and identification indicators for browsers against spoofing and phishing attacks
ACM Transactions on Internet Technology (TOIT)
Effective protection against phishing and web spoofing
CMS'05 Proceedings of the 9th IFIP TC-6 TC-11 international conference on Communications and Multimedia Security
Preventing web-spoofing with automatic detecting security indicator
ISPEC'06 Proceedings of the Second international conference on Information Security Practice and Experience
Proceedings of the 2012 ACM conference on Computer and communications security
This paper describes malicious applets that use Java's sophisticated graphic features to rectify the browser's padlock area and cover the address bar with a false https domain name. The attack was successfully tested on Netscape's Navigator and Microsoft's Internet Explorer; we consequently recommend neutralizing Java whenever funds or private data transit via these browsers, and patching the flaw in the coming releases. The degree of novelty of our attack is unclear, since similar (yet nonidentical) results can be achieved by spoofing as described in [6]; however, our scenario is much simpler to mount, as it only demands the inclusion of an applet in the attacker's web page. In any case, we believe that the technical dissection of our malicious Java code has an illustrative value in itself.