Lefranc, Serge; Naccache, David
Cut-&-paste attacks with Java. (English) Zbl 1031.94520
Lee, Pil Joong (ed.) et al., Information security and cryptology - ICISC 2002. 5th international conference, Seoul, Korea, November 28-29, 2002. Revised papers. Berlin: Springer. Lect. Notes Comput. Sci. 2587, 1-15 (2003).

Summary: This paper describes malicious applets that use Java’s sophisticated graphic features to rectify the browser’s padlock area and cover the address bar with a false https domain name. The attack was successfully tested on Netscape’s Navigator and Microsoft’s Internet Explorer; we consequently recommend to neutralize Java whenever funds or private data transit via these browsers and patch the flaw in the coming releases. The degree of novelty of our attack is unclear since similar (yet non-identical) results can be achieved by spoofing as described in [E. Felten et al., Web spoofing: An internet con game, Technical Report 540-96, Princeton University (1997)]; however our scenario is much simpler to mount as it only demands the inclusion of an applet in the attacker’s web page. In any case, we believe that the technical dissection of our malicious Java code has an illustrative value in itself.

For the entire collection see [Zbl 1015.00034].

MSC: 94A60 Cryptography; 68P25 Data encryption (aspects in computer science)
Keywords: attack; Java code