
Sohaib Irshad a1639280

Paper Response
Clickjacking: Attacks and Defenses

In this paper the authors present different clickjacking attacks, show how
the current defenses are weak and, by developing their own attacks, propose
new mechanisms to protect against clickjacking. Clickjacking is an attack
where an attacker makes use of multiple transparent or opaque layers in
order to trick a user into clicking a button or a link on another page when
they actually wanted to click on the top-level page. Current clickjacking
protections lacked the following, which the authors try to address in their
research:
Widget compatibility
Usability
Backward compatibility
Addressing the root cause of clickjacking
Currently there are three kinds of attacks, which use different techniques
to compromise display integrity, pointer integrity and temporal integrity.
Display integrity is compromised by replacing some element through CSS
styling. Pointer integrity is compromised by displaying a fake cursor, while
temporal integrity is compromised when the attacker completely changes or
loads a new web page or widget within a span of milliseconds. Current
clickjacking defenses have drawbacks in robustness and site compatibility.
In order to support their proposed mechanisms, the authors have also
designed three new attacks based on existing techniques. They have used
these attacks to gain access to the webcam and to steal users' private data
by asking users to double-click a certain item. The whack-a-mole attack can
cause a user to randomly click on a button and lose their own private
identity over the web.
The InContext protection suggested by the authors tries to protect the user
from all the above threats. In order to protect visual integrity, two areas
are matched with each other: the area as the user observes it and the bitmap
of the sensitive element. If the two areas don't match, the action is
cancelled. In order to provide pointer integrity, the authors suggest no
cursor customization, freezing the screen around the sensitive element when
the cursor enters the element, muting the sound, making sure the area around
the sensitive element is highlighted, and disabling programmatic changes
once the sensitive element acquires keyboard focus. For temporal integrity
they combine the different techniques discussed above. They introduce a
delay in the UI to make sure the page integrity is unchanged. For all these
techniques to work, websites must tell the browser which elements of their
site are sensitive.
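
The visual integrity comparison described above, as an added example that is
not code from the paper or from this response. The frame layout and all
function names are assumptions chosen for illustration; frames are plain RGBA
pixel buffers constructed inline rather than real browser screenshots.

```javascript
// Simplified model of the visual-integrity comparison described above.
// Names and frame layout are assumptions for illustration, not the paper's implementation.

// A frame is { width, height, data } where data holds RGBA bytes, row by row.
function makeFrame(width, height, rgba) {
  const data = new Uint8ClampedArray(width * height * 4);
  for (let i = 0; i < data.length; i += 4) data.set(rgba, i);
  return { width, height, data };
}

// Paint src onto dst at (x, y), honouring alpha, so a fully transparent layer changes nothing.
function paint(dst, src, x, y) {
  for (let r = 0; r < src.height; r++) {
    for (let c = 0; c < src.width; c++) {
      const dx = x + c, dy = y + r;
      if (dx < 0 || dy < 0 || dx >= dst.width || dy >= dst.height) continue;
      const s = (r * src.width + c) * 4, d = (dy * dst.width + dx) * 4;
      const a = src.data[s + 3] / 255;
      for (let k = 0; k < 3; k++) {
        dst.data[d + k] = Math.round(src.data[s + k] * a + dst.data[d + k] * (1 - a));
      }
      dst.data[d + 3] = 255;
    }
  }
}

// Count pixels where what the user sees differs from the element's reference bitmap.
function mismatchedPixels(screen, reference, x, y) {
  let bad = 0;
  for (let r = 0; r < reference.height; r++) {
    for (let c = 0; c < reference.width; c++) {
      const sx = x + c, sy = y + r;
      const inside = sx >= 0 && sy >= 0 && sx < screen.width && sy < screen.height;
      const s = (sy * screen.width + sx) * 4, p = (r * reference.width + c) * 4;
      let same = inside; // pixels clipped off-screen count as mismatches
      for (let k = 0; same && k < 4; k++) same = screen.data[s + k] === reference.data[p + k];
      if (!same) bad++;
    }
  }
  return bad;
}

// Deliver the click only if the element is displayed exactly as rendered in isolation.
function guardClick(screen, reference, x, y) {
  const bad = mismatchedPixels(screen, reference, x, y);
  return { deliver: bad === 0, mismatched: bad };
}
```

A click is delivered only when every pixel of the sensitive element on screen
equals its reference bitmap; an element that is covered, made transparent or
clipped fails the comparison and the action is cancelled.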








Paper Response
All Your iFRAMEs Point to Us
Niels Provos Panayiotis Mavrommatis Moheeb Abu Rajab Fabian Monrose
Google Inc. Johns Hopkins University


This paper discusses the exploitation of the web by different kinds of web
malware, the identification of malicious websites, the sources that cause
most of the drive-by downloads, and how they are used to steal private data
and can prove harmful. There are a number of methods to inject malware into
a victim's computer. Many of the sites exploit web servers by using
vulnerable scripting applications. Another method is to ask users, through
comments containing HTML, to click on certain links. In order to identify
such sites the authors employ certain techniques for data collection. They
use the MapReduce framework to process the web pages for identification
purposes. The process includes separating certain features of the URL and
then using cross-validation to measure the quality of the machine learning
framework. It operates by splitting the above data into five randomly chosen
partitions, processing four partitions and using the last partition for
validation. After that an average ROC curve is created to estimate accuracy.
Then, after the data is collected, a verification phase is used to identify
whether the site is malicious or not. They study the response of the URLs
through operating system behavior changes and also verify through virus
scanners. After that process, a Malware Distribution Network is created to
investigate the complete chain of malware initiation. The study in the paper
shows that over a 10-month period, analyzing 60 million URLs, they found 3
million malicious URLs and nine thousand distribution sites using the above
technique. The research shows that, of all the URLs that were malware
distribution sites, 38% of Apache servers and 39.9% of servers with PHP
scripting language vulnerabilities reported security breaches. Ads also
contribute largely to exposing the user to such malware sites. The paper
also discusses the case of a Dutch radio station whose website had an
advertisement which traced back to an infected site with automatic Trojan
downloaders.
