Title: A dangerous mix: Large-scale analysis of mixed-content websites
Authors: Chen, Ping ×
Nikiforakis, Nick
Huygens, Christophe
Desmet, Lieven #
Issue Date: 2015
Publisher: Springer International Publishing
Host Document: Information Security: 16th International Conference, ISC 2013 pages:354-363
Series Title: Security and Cryptology
Conference: Information Security Conference edition:16 location:Dallas, Texas, USA date:13-15 November 2013
Abstract: In this paper, we investigate the current state of practice about mixed-content websites, websites that are accessed using the HTTPS protocol, yet include some additional resources using HTTP. Through a large-scale experiment, we show that about half of the Internet’s most popular websites are currently using this practice and are thus vulnerable to a wide range of attacks, including the stealing of cookies and the injection of malicious JavaScript in the context of the vulnerable websites. Additionally, we investigate the default behavior of browsers on mobile devices and show that most of them, by default, allow the rendering of mixed content, which demonstrates that hundreds of thousands of mobile users are currently vulnerable to MITM attacks.
ISBN: 978-3-319-27659-5
Publication status: published
KU Leuven publication type: IC
Appears in Collections:Informatics Section
× corresponding author
# (joint) last author

Files in This Item:
File Description Status SizeFormat
2013-Insecure-Inclusions-short.pdf Accepted 463KbAdobe PDFView/Open


All items in Lirias are protected by copyright, with all rights reserved.

© Web of science