Spying on the browser: dissecting the design of malicious extensions
نویسندگان
چکیده
8 Network Security May 2011 circumnavigation talk, and also assumes that usage is only taking place in areas of pervasive filtering. It does not, for example, allow for the many people who will use such tools in less filtered countries to access video content on sites that restrict it to domestic users for copyright reasons. Many people use HotspotShield to get to video sites such as Hulu or to use the BBC’s iPlayer, for example. Perhaps, in the broader scheme of things, most residents of heavily censored countries are happy to use those countries’ own versions of western tools such as search engines and social networks. For freedom of speech and anti-censorship activists, the biggest challenge may not be technical – it may be convincing others to care.
منابع مشابه
Chrome Extensions: Threat Analysis and Countermeasures
The widely popular browser extensions now become one of the most commonly used malware attack vectors. The Google Chrome browser, which implements the principles of least privileges and privilege separation by design, offers a strong security mechanism to protect malicious websites from damaging the whole browser system via extensions. In this study, we however reveal that Chrome’s extension se...
متن کاملEffective detection of vulnerable and malicious browser extensions
Unsafely coded browser extensions can compromise the security of a browser, making them attractive targets for attackers as a primary vehicle for conducting cyber-attacks. Among others, the three factors making vulnerable extensions a high-risk security threat for browsers include: i) the wide popularity of browser extensions, ii) the similarity of browser extensions with web applications, and ...
متن کاملMalicious Browser Extensions at Scale: Bridging the Observability Gap between Web Site and Browser
Browser extensions enhance the user experience in a variety of ways. However, to support these expanded services, extensions are provided with elevated privileges that have made them an attractive vector for attackers seeking to exploit Internet services. Such attacks are particularly vexing for the sites being abused because there is no standard mechanism for identifying which extensions are r...
متن کاملBotnet in the Browser: Understanding Threats Caused by Malicious Browser Extensions
Browser extensions have been established as a common feature present in modern browsers. However, some extension systems risk exposing APIs which are too permissive and cohesive with the browser’s internal structure, thus leaving a hole for malicious developers to exploit security critical functionality within the browser itself. In this paper, we raise the awareness of the threats caused by br...
متن کاملThe Most Dangerous Code in the Browser
Browser extensions are ubiquitous. Yet, in today’s browsers, extensions are the most dangerous code to user privacy. Extensions are third-party code, like web applications, but run with elevated privileges. Even worse, existing browser extension systems give users a false sense of security by considering extensions to be more trustworthy than web applications. This is because the user typically...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- Network Security
دوره 2011 شماره
صفحات -
تاریخ انتشار 2011