|Title:|Security implications of redirection trail in popular websites worldwide|
|Authors:|Chang, Li; Kim, Tiffany Hyun Jin; Lin, Wei Hsi|
|Issue Date:|Jan-2017|
|Start page/Pages:|1491-1500|
|Source:|26th International World Wide Web Conference, WWW 2017|
|Abstract:|
© 2017 International World Wide Web Conference Committee (IW3C2). URL redirection is a popular technique that automatically navigates users to an intended destination webpage without user awareness. However, such a seemingly advantageous feature may offer inadequate protection from security vulnerabilities unless every redirection is performed over HTTPS. Even worse, as long as the final redirection to a website is performed over HTTPS, the browser’s URL bar indicates that the website is secure regardless of the security of prior redirections, which may provide users with a false sense of security. This paper reports a well-rounded investigation to analyze the wellness of URL redirection security. As an initial large-scale investigation, we screened the integrity and consistency of URL redirections for the Alexa top one million (1M) websites, and further examined 10,000 (10K) websites with their login features. Our results suggest that 1) the majority (83.3% in the 1M dataset and 78.6% in the 10K dataset) of redirection trails among websites that support only HTTPS are vulnerable to attacks, and 2) current incoherent practices (e.g., naked domains and www subdomains being redirected to different destinations with varying security levels) undermine the security guarantees provided by HTTPS and HSTS.
26th International World Wide Web Conference, WWW 2017; Perth; Australia; 3 April 2017 to 7 April 2017
|Appears in Collections:|Department of Library and Information Science|