Abstract
This paper describes malicious applets that use Java’s sophisticated graphic features to rectify the browser’s padlock area and cover the address bar with a false https domain name. The attack was successfully tested on Netscape’s Navigator and Microsoft’s Internet Explorer; we consequently recommend neutralizing Java whenever funds or private data transit via these browsers, and patching the flaw in the coming releases. The degree of novelty of our attack is unclear, since similar (yet nonidentical) results can be achieved by spoofing as described in [6].
References
[1] K. Hickman, The SSL Protocol, December 1995. Available electronically at: http://www.netscape.com/newsref/std/ssl.html
[2] C. Horstmann and G. Cornell, Core Java, volumes 1 and 2, Sun Microsystems Press, Prentice Hall, 2000.
[3] N. McFarlane, Professional JavaScript, Wrox Press, 1999.
[4] G. McGraw and E. Felten, Securing Java: getting down to business with mobile code, 2nd edition, Wiley, 1999.
[5] S. Oaks, Java security, O’Reilly, 1998.
[6] E. Felten et al., Web Spoofing: An Internet Con Game, Technical Report 540-96, Princeton University, 1997.
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Lefranc, S., Naccache, D. (2003). Cut-&-Paste Attacks with JAVA. In: Lee, P.J., Lim, C.H. (eds) Information Security and Cryptology — ICISC 2002. ICISC 2002. Lecture Notes in Computer Science, vol 2587. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36552-4_1
DOI: https://doi.org/10.1007/3-540-36552-4_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00716-6
Online ISBN: 978-3-540-36552-5
eBook Packages: Springer Book Archive