Web Camouflage: Protecting Your Clients from Browser-Sniffing Attacks

Security&Privacy
2007
Issue No. 6 - November/December
Abstract - Web Camouflage: Protecting Your Clients from Browser-Sniffing Attacks

	This Article
	Subscribers, please Login Purchase article: $19 PDF HTML IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Markus Jakobsson Articles by Sid Stamm

November/December 2007 (vol. 5 no. 6)

pp. 16-24

	ASCII Text	x
	Markus Jakobsson, Sid Stamm, "Web Camouflage: Protecting Your Clients from Browser-Sniffing Attacks," IEEE Security and Privacy, vol. 5, no. 6, pp. 16-24, November/December, 2007.

	BibTex	x
	@article{ 10.1109/MSP.2007.182, author = {Markus Jakobsson and Sid Stamm}, title = {Web Camouflage: Protecting Your Clients from Browser-Sniffing Attacks}, journal ={IEEE Security and Privacy}, volume = {5}, number = {6}, issn = {1540-7993}, year = {2007}, pages = {16-24}, doi = {http://doi.ieeecomputersociety.org/10.1109/MSP.2007.182}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - MGZN JO - IEEE Security and Privacy TI - Web Camouflage: Protecting Your Clients from Browser-Sniffing Attacks IS - 6 SN - 1540-7993 SP16 EP24 EPD - 16-24 A1 - Markus Jakobsson, A1 - Sid Stamm, PY - 2007 KW - browser KW - cache KW - countermeasure KW - history KW - phishing KW - privacy KW - server-side KW - sniff KW - security VL - 5 JA - IEEE Security and Privacy ER -

Markus Jakobsson, Palo Alto Research Center

Sid Stamm, Indiana University

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2007.182

Browser cache and history are intended to be private, yet it's not difficult for malicious Web sites to "sniff" cache entries on visitors' computers and then use that information to more accurately deceive them. The authors' approach neutralizes the threat of URLs being discovered on client computers.

1. E.W. Felten and M.A. Schneider, "Timing Attacks on Web Privacy," Proc. 7th ACM Conf. Computer and Communication Security, S. Jajodia and P. Samarati, eds., ACM Press, 2000, pp. 25–32.
2. M. Jakobsson, T. Jagatic, and S. Stamm, "Phishing for Clues,"5 July 2005; www.browser-recon.info.
3. SecuriTeam, "Timing Attacks on Web Privacy,"20 Feb. 2002; www.securiteam.com/securityreviews5GP020A6LG.html .
4. A. Mindlin, "Seems Somebody Is Clicking on that Spam," The New York Times,3 July 2006; www.nytimes.com/2006/07/03/technology03drill.html?_r=1&oref=slogin .
5. M. Jakobsson, "The Human Factor in Phishing," Privacy &Security of Consumer Information '07; www.informatics.indiana.edu/markus/papers aci.pdf.
6. T. Jagatic et al., "Social Phishing," Comm. ACM, vol. 50, no. 10, October 2007, pp. 94–100.
7. C. Jackson et al., "Web Privacy Attacks on a Unified Same-Origin Browser," Proc. 15th Ann. World Wide Web Conf. (WWW 06), 2006; http://crypto.stanford.edu/sameoriginsameorigin.pdf .
8. M. Jakobsson, A. Juels, and J. Ratkiewicz, "Remote Harm-Diagnostics," www.ravenwhite.com/filesrhdpdf.
9. M. Jakobsson and S. Stamm, "Invasive Browser Sniffing and Countermeasures," Proc. 15th Ann. World Wide Web Conf. (WWW 06). 2006; www.stop-phishing.com.

Index Terms:

browser, cache, countermeasure, history, phishing, privacy, server-side, sniff, security

Citation:

Markus Jakobsson, Sid Stamm, "Web Camouflage: Protecting Your Clients from Browser-Sniffing Attacks," IEEE Security and Privacy, vol. 5, no. 6, pp. 16-24, Nov.-Dec. 2007, doi:10.1109/MSP.2007.182

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.