In this work, we present a Flow Stealing attack, where a victim's browser is redirected in the middle of a browsing session. We detail two attack scenarios. The first is redirecting the victim's browser as it moves from a store to a payment provider, and the second redirects the victim to a phishing page, when she navigates to one of a set of target sites.

A key issue in flow stealing is correctly timing the redirect. The main way to accomplish this is to leverage a history detection attack to test whether the victim has visited a target. By repeatedly polling, an attacker learns when the victim navigates to a tested target page. With this application, we demonstrate that the impact of history detection is greater than previously known. Our primary history detection mechanism is a cache timing attack, measuring the time it takes to load an element to determine if it was served from the browser cache. This attack works with present browser versions.

We also discuss CSS history detection, based on detecting the styling of visited links, which has been solved in most browsers. Lastly, we also consider a network-based attacker who can mount a man-in-the-middle attack on the victim's network traffic.

We discuss several countermeasures against flow stealing. These include two new proposed policies on JavaScript window navigation which can be implemented by browser vendors. We also present mitigations which can be implemented by individual stores or payment providers.