Skip to main content
SpringerLink
Log in

Cut-&-Paste Attacks with JAVA

  • Conference paper
  • First Online:
Information Security and Cryptology — ICISC 2002 (ICISC 2002)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2587))

Included in the following conference series:

Abstract

This paper describes malicious applets that use Java’s sophisticated graphic features to rectify the browser’s padlock area and cover the address bar with a false https domain name. The attack was successfully tested on Netscape’s Navigator and Microsoft’s Internet Explorer; we consequently recommend to neutralize Java whenever funds or private data transit via these browsers and patch the flaw in the coming releases. The degree of novelty of our attack is unclear since similar (yet nonidentical) results can be achieved by spoofing as described in [6]

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. K. Hickman, The SSL Protocol, December 1995. Available electronically at: http://www.netscape.com/newsref/std/ssl.html 1

  2. C. Horstmann and G. Cornell, Core Java, volumes 1 and 2, Sun Microsystems Press, Prentice Hall, 2000. 2

    Google Scholar 

  3. N. McFarlane,Professionnal Javascript, Wrox Press, 1999. 4

    Google Scholar 

  4. G. McGraw and E. Felten, Securing Java: getting down to business with mobile code, 2-nd edition, Wiley, 1999. 2

    Google Scholar 

  5. S. Oaks, Java security, O’Reilly, 1998. 2

    Google Scholar 

  6. E. Felten & al., Web Spoofing: An Internet Con Game, Technical Report 540-96, Princeton University, 1997. 1, 3

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. École Nationale Supérieure des Techniques Avancées, 32 Boulevard Victor, F-75739, Paris cedex 15, France

    Serge Lefranc

  2. Gemplus Card International, 34 rue Guynemer, F-92447, Issy-les-Moulineaux, France

    David Naccache

Authors
  1. Serge Lefranc
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. David Naccache
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Pohnag University of Science and Technology, San 31, Hyoja-dong, Nam-gu, Pohang, 790-784, Kyungbuk, Korea

    Pil Joong Lee

  2. Sejong University, 98, Gunja-dong, Gwangjin-gu, 143-747, Seoul, Korea

    Chae Hoon Lim

Rights and permissions

Reprints and permissions

Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Lefranc, S., Naccache, D. (2003). Cut-&-Paste Attacks with JAVA. In: Lee, P.J., Lim, C.H. (eds) Information Security and Cryptology — ICISC 2002. ICISC 2002. Lecture Notes in Computer Science, vol 2587. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36552-4_1

Download citation

  • DOI: https://doi.org/10.1007/3-540-36552-4_1

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-00716-6

  • Online ISBN: 978-3-540-36552-5

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation