Publicatie

A dangerous mix: Large-scale analysis of mixed-content websites

Boekbijdrage - Boekhoofdstuk Conferentiebijdrage

Korte inhoud:In this paper, we investigate the current state of practice about mixed-content websites, websites that are accessed using the HTTPS protocol, yet include some additional resources using HTTP. Through a large-scale experiment, we show that about half of the Internet’s most popular websites are currently using this practice and are thus vulnerable to a wide range of attacks, including the stealing of cookies and the injection of malicious JavaScript in the context of the vulnerable websites. Additionally, we investigate the default behavior of browsers on mobile devices and show that most of them, by default, allow the rendering of mixed content, which demonstrates that hundreds of thousands of mobile users are currently vulnerable to MITM attacks.

Boek: Information Security: 16th International Conference, ISC 2013

Pagina's: 354 - 363

ISBN:978-3-319-27659-5

Jaar van publicatie:2015

WoS Id: 000375849500025
DOI: https://doi.org/10.1007/978-3-319-27659-5
Institutional Repository URL: https://lirias.kuleuven.be/209262

BOF-keylabel:ja

IOF-keylabel:ja

Authors from:Higher Education

Toegankelijkheid:Open

Reviewstatus:Peer-reviewed

Publicatie

A dangerous mix: Large-scale analysis of mixed-content websites

Boekbijdrage - Boekhoofdstuk Conferentiebijdrage

SDG-label van Aurora

Auteurs/uitgever

Onderzoekseenheden

Evenementen