Nytro

Rootkits for JavaScript Environments


Rootkits for JavaScript Environments

Ben Adida

Harvard University

ben

adida@harvard.edu

Adam Barth

UC Berkeley

abarth@eecs.berkeley.edu

Collin Jackson

Stanford University

collinj@cs.stanford.edu

Abstract

A number of commercial cloud-based password managers use bookmarklets to automatically populate and submit login forms. Unfortunately, an attacker web site can maliciously alter the JavaScript environment and, when the login bookmarklet is invoked, steal the user’s passwords. We describe general attack techniques for altering a bookmarklet’s JavaScript environment and apply them to extracting passwords from six commercial password managers. Our proposed solution has been adopted by several of the commercial vendors.

Download:

http://static.usenix.org/event/woot09/tech/full_papers/adida.pdf
