Sciweavers

CCS
2007
ACM

Dynamic pharming attacks and locked same-origin policies for web browsers

13 years 11 months ago
Dynamic pharming attacks and locked same-origin policies for web browsers
We describe a new attack against web authentication, which we call dynamic pharming. Dynamic pharming works by hijacking DNS and sending the victim’s browser malicious Javascript, which then exploits DNS rebinding vulnerabilities and the name-based sameorigin policy to hijack a legitimate session after authentication has taken place. As a result, the attack works regardless of the authentication scheme used. Dynamic pharming enables the adversary to eavesdrop on sensitive content, forge transactions, sniff secondary passwords, etc. To counter dynamic pharming attacks, we propose two locked same-origin policies for web browsers. In contrast to the legacy same-origin policy, which regulates cross-object access control in browsers using domain names, the locked same-origin policies enforce access using servers’ X.509 certificates and public keys. We show how our policies help two existing web authentication mechanisms, client-side SSL and SSL-only cookies, resist both pharming and s...
Chris Karlof, Umesh Shankar, J. Doug Tygar, David
Added 07 Jun 2010
Updated 07 Jun 2010
Type Conference
Year 2007
Where CCS
Authors Chris Karlof, Umesh Shankar, J. Doug Tygar, David Wagner
Comments (0)