On TechRepublic: 12 tech terms that make you sound old
BNET Business Network:
BNET
TechRepublic
ZDNet

FREE Registration is required

Overview:

This paper describes a new attack against web authentication, which the paper calls dynamic pharming. Dynamic pharming works by hijacking DNS and sending the victim's browser malicious Javascript, which then exploits DNS rebinding vulnerabilities and the name-based same-origin policy to hijack a legitimate session after authentication has taken place. As a result, the attack works regardless of the authentication scheme used. Dynamic pharming enables the adversary to eavesdrop on sensitive content, forge transactions, sniff secondary passwords, etc. To counter dynamic pharming attacks, the paper proposes two locked same-origin policies for web browsers. In contrast to the legacy same-origin policy, which regulates cross-object access control in browsers using domain names, the locked same-origin policies enforce access using servers' X.509 certificates and public keys.

(Is this item miscategorized? Does it need more tags? Let us know.)

Format:PDFSize:424 KB
Date:Nov 2007
Pages:14

People who downloaded this item also downloaded

Download 10 ways Microsoft could help Linux
White Paper Extensible Web Browser Security
White Paper Secure Web Browsing With the OP Web Browser
White Paper Learning and Classification of Malware Behavior
White Paper Cannot Send a Web Site Address Link From Internet Explorer

Top results from Web Browsers

White Paper The Department of Defense and Open Source Software
White Paper FileMaker Pro vs. a Web Browser
White Paper Web Hosting
White Paper Pocket PC 2002 and Handheld PC Browser Comparison
Webcast Microsoft Internet Explorer: Troubleshooting Web Content Problems

» View all Web Browsers listings

advertisement

White Papers, Webcasts, and Resources

Featured Training Courses

SmartPlanet

Click Here

Returning users: Log In Here!

Already registered on BNET, TechRepublic, or ZDNet? Simply log in.

Free Membership: Sign Up Now!

Sign up for a free membership today and get instant and unlimited access to one of the largest databases of white papers, webcasts, and casestudies anywhere. Your FREE membership allows you to:

  • Download an unlimited amount of content, including classic and current white papers, case studies, webcasts and more
  • Track content on your chosen topics of interest
  • Receive targeted email alerts when your favorite content is added
  • Save content for future reading
  • Receive our member newsletter

When you register to access this library, you allow us to share your information with companies that produce products or services featured in the library--so that such companies may contact you with information and offers regarding their products and services. This enables us to keep the library a free service. As a library registrant, you will receive a complimentary subscription to the ZDNet white paper newsletter and e-mail Must-Read News Alerts. You can unsubscribe from these at any time. By clicking the Sign up button, you indicate that you agree to our Terms and Conditions and have read and understand our Privacy Policy (updated).