https://scholars.lib.ntu.edu.tw/handle/123456789/405717
Title: | Security implications of redirection trail in popular websites worldwide |
Authors: | Chang, Li; HSU-CHUN HSIAO; Jeng, Wei; Kim, Tiffany Hyun Jin |
Issue Date: | Jan-2017 |
Start (End) Page: | 1491-1500 |
Source: | 26th International World Wide Web Conference |
Abstract: | © 2017 International World Wide Web Conference Committee (IW3C2). URL redirection is a popular technique that automatically navigates users to an intended destination webpage without user awareness. However, such a seemingly advantageous feature may offer inadequate protection from security vulnerabilities unless every redirection is performed over HTTPS. Even worse, as long as the final redirection to a website is performed over HTTPS, the browser’s URL bar indicates that the website is secure regardless of the security of prior redirections, which may provide users with a false sense of security. This paper reports a well-rounded investigation to analyze the wellness of URL redirection security. As an initial large-scale investigation, we screened the integrity and consistency of URL redirections for the Alexa top one million (1M) websites, and further examined 10,000 (10K) websites with their login features. Our results suggest that 1) the majority (83.3% in the 1M dataset and 78.6% in the 10K dataset) of redirection trails among websites that support only HTTPS are vulnerable to attacks, and 2) current incoherent practices (e.g., naked domains and www subdomains being redirected to different destinations with varying security levels) undermine the security guarantees provided by HTTPS and HSTS. |
Description: | 26th International World Wide Web Conference, WWW 2017; Perth; Australia; 3 April 2017 to 7 April 2017 |
URI: | https://scholars.lib.ntu.edu.tw/handle/123456789/405717 |
ISBN: | 9781450349130 |
DOI: | https://api.elsevier.com/content/abstract/scopus_id/85050944151 10.1145/3038912.3052698 |
Appears in Collections: | Department of Library and Information Science |
Items in the IR system are protected by copyright, with all rights reserved, unless otherwise indicated.