TY - GEN
T1 - When tolerance causes weakness
T2 - 22nd International Conference on World Wide Web, WWW 2013
AU - Gilad, Yossi
AU - Herzberg, Amir
PY - 2013
Y1 - 2013
N2 - We present a practical off-path TCP-injection attack for connections between current, non-buggy browsers and web- servers. The attack allows web-cache poisoning with malicious objects; these objects can be cached for long time period, exposing any user of that cache to XSS, CSRF and phishing attacks. In contrast to previous TCP-injection attacks, we assume neither vulnerabilities such as client-malware nor predictable choice of client port or IP-ID. We only exploit subtle details of HTTP and TCP specifications, and features of legitimate (and common) browser implementations. An empirical evaluation of our techniques with current versions of browsers shows that connections with popular websites are vulnerable. Our attack is modular, and its modules may improve other off-path attacks on TCP communication. We present practical patches against the attack; however, the best defense is surely adoption of TLS, that ensures security even against the stronger Man-in-the-Middle attacker. Copyright is held by the International World Wide Web Conference Committee (IW3C2).
AB - We present a practical off-path TCP-injection attack for connections between current, non-buggy browsers and web- servers. The attack allows web-cache poisoning with malicious objects; these objects can be cached for long time period, exposing any user of that cache to XSS, CSRF and phishing attacks. In contrast to previous TCP-injection attacks, we assume neither vulnerabilities such as client-malware nor predictable choice of client port or IP-ID. We only exploit subtle details of HTTP and TCP specifications, and features of legitimate (and common) browser implementations. An empirical evaluation of our techniques with current versions of browsers shows that connections with popular websites are vulnerable. Our attack is modular, and its modules may improve other off-path attacks on TCP communication. We present practical patches against the attack; however, the best defense is surely adoption of TLS, that ensures security even against the stronger Man-in-the-Middle attacker. Copyright is held by the International World Wide Web Conference Committee (IW3C2).
KW - Browser security
KW - Off-path attacks
KW - Web and network security
UR - http://www.scopus.com/inward/record.url?scp=84893133163&partnerID=8YFLogxK
M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???
AN - SCOPUS:84893133163
SN - 9781450320351
T3 - WWW 2013 - Proceedings of the 22nd International Conference on World Wide Web
SP - 435
EP - 445
BT - WWW 2013 - Proceedings of the 22nd International Conference on World Wide Web
Y2 - 13 May 2013 through 17 May 2013
ER -