Minaxi Gupta, Exploitable Redirects on the Web: Identification, Prevalence, and Defense
Web sites on the Internet often use redirection. Unfortunately, without additional security, many of the redirection links can be manipulated and abused to mask phishing attacks. In this work, we prescribe a set of heuristics to identify redirects that can be exploited. Using these heuristics, we examine the prevalence of exploitable redirects present in today's Web. Finally, we propose techniques for Web servers to secure their redirects and for clients to protect themselves from being misled by manipulated redirects.

This work was presented at the USENIX Workshop on Offensive Technologies (WOOT) in July 2008. Subsequently, several online press venues have covered it, including The Washington Post, SC Magazine, and Herald Times.

About the speaker: Minaxi Gupta is an Assistant Professor in the Computer Science Department at Indiana University (Bloomington). She joined IU after finishing her Ph.D. in Computer Science from Georgia Tech in 2004. Gupta's research interests are in Computer Networks and Security. She is currently working on understanding the Internet's vulnerabilities and how attackers are using them to their advantage, especially in the context of phishing. Her other research focus is on re-architecting the Internet. Gupta is the recipient of the prestigious Trustees Teaching Award (2007-2008) and Outstanding Junior Faculty Award (2006-2007) from Indiana University.