Information and Computation
Automation and customization of rendered web pages
Proceedings of the 18th annual ACM symposium on User interface software and technology
AjaxScope: a platform for remotely monitoring the client-side behavior of web 2.0 applications
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Proceedings of the ACM SIGCOMM 2010 conference
Challenges in measuring online advertising systems
IMC '10 Proceedings of the 10th ACM SIGCOMM conference on Internet measurement
Netalyzr: illuminating the edge network
IMC '10 Proceedings of the 10th ACM SIGCOMM conference on Internet measurement
Integrity of the web content: the case of online advertising
CollSec'10 Proceedings of the 2010 international conference on Collaborative methods for security and privacy
Peering through the shroud: the effect of edge opacity on ip-based client identification
NSDI'07 Proceedings of the 4th USENIX conference on Networked systems design & implementation
The devil is in the (implementation) details: an empirical analysis of OAuth SSO systems
Proceedings of the 2012 ACM conference on Computer and communications security
Dissecting ghost clicks: ad fraud via misdirected human clicks
Proceedings of the 28th Annual Computer Security Applications Conference
Measuring the practical impact of DNSSEC deployment
SEC'13 Proceedings of the 22nd USENIX conference on Security
Hi-index | 0.00 |
When a user requests content from a cloud service provider, sometimes the content sent by the provider is modified inflight by third-party entities. To our knowledge, there is no comprehensive study that examines the extent and primary root causes of the content modification problem. We design a lightweight experiment and instrument a vast number of clients in the wild to make two additional DNS queries every day. We identify candidate rogue servers and develop a measurement methodology to determine, for each candidate rogue server, whether the server is performing inflight modifications or not. In total, we discover 349 servers as malicious, that is, as modifying content inflight, and more than 1.9% of all US clients are affected by these malicious servers. We investigate the root causes of the problem. We identify 9 ISPs, whose clients are predominately affected. We find that the root cause is not sophisticated transparent in-network services, but instead local DNS servers in the problematic ISPs.