Download now Free registration required
While web pages sent over HTTP have no integrity guarantees, it is commonly assumed that such pages are not modified in transit. In this paper, the authors provide evidence of surprisingly widespread and diverse changes made to web pages between the server and client. Over 1% of web clients in the study received altered pages, and they show that these changes often have undesirable consequences for web publishers or end users. Such changes include popup blocking scripts inserted by client software, advertisements injected by ISPs, and even malicious code likely inserted by malware using ARP poisoning. Additionally, they find that changes introduced by client software can inadvertently cause harm, such as introducing cross-site scripting vulnerabilities into most pages a client visits.
- Format: PDF
- Size: 224.65 KB