{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,4]],"date-time":"2024-09-04T14:16:29Z","timestamp":1725459389922},"publisher-location":"Berlin, Heidelberg","reference-count":39,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642333828"},{"type":"electronic","value":"9783642333835"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2012]]},"DOI":"10.1007\/978-3-642-33383-5_6","type":"book-chapter","created":{"date-parts":[[2012,9,5]],"date-time":"2012-09-05T22:51:51Z","timestamp":1346885511000},"page":"86-103","source":"Crossref","is-referenced-by-count":16,"title":["Measuring SSL Indicators on Mobile Browsers: Extended Life, or End of the Road?"],"prefix":"10.1007","author":[{"given":"Chaitrali","family":"Amrutkar","sequence":"first","affiliation":[]},{"given":"Patrick","family":"Traynor","sequence":"additional","affiliation":[]},{"given":"Paul C.","family":"van Oorschot","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"6_CR1","unstructured":"GoDaddy SSL certificate, \n                    \n                      http:\/\/www.godaddy.com\/Compare\/gdcompare_ssl.aspx?isc=sslqgo016b"},{"key":"6_CR2","unstructured":"VeriSign certificate, \n                    \n                      https:\/\/www.verisign.com\/ssl\/buy-ssl-certificates\/index.html?sl=t72010166130000002&gclid=CIKMyY2GuKgCFYg32godV2_8Bw"},{"key":"6_CR3","unstructured":"Key words for use in RFCs to Indicate Requirement Levels (March 1997), \n                    \n                      http:\/\/www.ietf.org\/rfc\/rfc2119.txt"},{"key":"6_CR4","unstructured":"Overflow clickjacking (November 2008), \n                    \n                      http:\/\/research.zscaler.com\/2008\/11\/clickjacking-iphone-style.html"},{"key":"6_CR5","unstructured":"Guidelines for the Processing of EV Certificates, version 1.0 (January 2009), \n                    \n                      http:\/\/www.cabforum.org\/Guidelines_for_the_processing_of_EV_certificatesv1_0.pdf"},{"key":"6_CR6","unstructured":"SSLstrip, presented at Black Hat DC (2009), \n                    \n                      http:\/\/www.thoughtcrime.org\/software\/sslstrip\/"},{"key":"6_CR7","unstructured":"Android Browser Exploit (2010), \n                    \n                      http:\/\/threatpost.com\/en_us\/blogs\/researcher-publishes-android-browser-exploit-110810"},{"key":"6_CR8","unstructured":"Guidelines for the Issuance and Management of Extended Validation Certificates, version 1.3 (November 20, 2010), \n                    \n                      http:\/\/www.cabforum.org\/Guidelines_v1_3.pdf"},{"key":"6_CR9","unstructured":"W3C: Web Security Context: User Interface Guidelines (August 2010), \n                    \n                      http:\/\/www.w3.org\/TR\/wsc-ui\/"},{"key":"6_CR10","unstructured":"Web-based Android attack (November 2010), \n                    \n                      http:\/\/www.infoworld.com\/d\/security-central\/security-researcher-releases-web-based-android-attack-317?source=rss_security_central\/"},{"key":"6_CR11","unstructured":"Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates, version 1.0 (April 11, 2011), \n                    \n                      http:\/\/www.cabforum.org\/Announcement-Baseline_Requirements.pdf"},{"key":"6_CR12","unstructured":"Comodo compromise (April 1, 2011), \n                    \n                      http:\/\/www.csoonline.com\/article\/678777\/comodo-compromise-expands-hacker-talks"},{"key":"6_CR13","unstructured":"DigiNotar CA compromise (August 30, 2011), \n                    \n                      http:\/\/community.websense.com\/blogs\/securitylabs\/archive\/2011\/08\/30\/diginotar-ca-compromise.aspx"},{"key":"6_CR14","unstructured":"The CA\/Browser forum (April 11, 2011), \n                    \n                      http:\/\/www.cabforum.org\/"},{"key":"6_CR15","unstructured":"Android OS market share by version (May 2012), \n                    \n                      http:\/\/developer.android.com\/resources\/dashboard\/platform-versions.html"},{"key":"6_CR16","unstructured":"Mobile Browser Market Share (May 2012), \n                    \n                      http:\/\/gs.statcounter.com\/#mobile_browser-ww-monthly-201204-201205"},{"key":"6_CR17","doi-asserted-by":"crossref","unstructured":"Biddle, R., van Oorschot, P., Patrick, A., Sobey, J., Whalen, T.: Browser interfaces and extended validation SSL certificates: an empirical study. In: Proceedings of the ACM Workshop on Cloud Computing Security (2009)","DOI":"10.1145\/1655008.1655012"},{"key":"6_CR18","unstructured":"Boodaei, M.: Mobile users three times more vulnerable to phishing attacks (2011), \n                    \n                      http:\/\/www.trusteer.com\/blog\/mobile-users-three-times-more-vulnerable-phishing-attacks"},{"key":"6_CR19","unstructured":"Chou, N., Ledesma, R., Teraguchi, Y., Boneh, D., Mitchell, J.: Client-side defense against web-based identity theft. In: Proc. NDSS (2004)"},{"key":"6_CR20","unstructured":"Davies, C.: iPhone Os Safari Vulnerable To DoS Attacks (April 16, 2008), \n                    \n                      http:\/\/www.iphonebuzz.com\/iphone-safari-dos-bug-discovered-162212.php"},{"key":"6_CR21","doi-asserted-by":"crossref","unstructured":"Dhamija, R., Tygar, J.D., Hearst, M.: Why phishing works. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (2006)","DOI":"10.1145\/1124772.1124861"},{"key":"6_CR22","doi-asserted-by":"crossref","unstructured":"Dhamija, R., Tygar, J.: The battle against phishing: Dynamic security skins. In: Proceedings of the Symposium on Usable Privacy and Security (2005)","DOI":"10.1145\/1073001.1073009"},{"key":"6_CR23","doi-asserted-by":"crossref","unstructured":"Downs, J., Holbrook, M., Cranor, L.: Decision strategies and susceptibility to phishing. In: Proceedings of the Second Symposium on Usable Privacy and Security (2006)","DOI":"10.1145\/1143120.1143131"},{"key":"6_CR24","unstructured":"Felten, E.W., Balfanz, D., Dean, D., Wallach, D.S.: Intrusion Detection Prevention Web Spoofing: An Internet Con Game. In: 20th National Information Systems Security Conference (1997)"},{"key":"6_CR25","doi-asserted-by":"crossref","unstructured":"Friedman, B., Hurley, D., Howe, D., Felten, E., Nissenbaum, H.: Users\u2019 conceptions of web security: a comparative study. In: CHI Extended Abstracts on Human Factors in Computing Systems (2002)","DOI":"10.1145\/506443.506577"},{"key":"6_CR26","doi-asserted-by":"crossref","unstructured":"Herzberg, A., Jbara, A.: Security and identification indicators for browsers against spoofing and phishing attacks. ACM Transactions on Internet Technology (2008)","DOI":"10.1145\/1391949.1391950"},{"key":"6_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"281","DOI":"10.1007\/978-3-540-77366-5_27","volume-title":"Financial Cryptography and Data Security","author":"C. Jackson","year":"2007","unstructured":"Jackson, C., Simon, D.R., Tan, D.S., Barth, A.: An Evaluation of Extended Validation and Picture-in-Picture Phishing Attacks. In: Dietrich, S., Dhamija, R. (eds.) FC 2007 and USEC 2007. LNCS, vol.\u00a04886, pp. 281\u2013293. Springer, Heidelberg (2007)"},{"key":"6_CR28","unstructured":"Livshits, B., Molnar, D.: Empowering Browser Security for Mobile Devices Using Smart CDNs. In: Proceedings of the Workshop on Web 2.0 Security and Privacy, W2SP (2010)"},{"key":"6_CR29","unstructured":"Marlinspike, M.: More Tricks For Defeating SSL in Practice (2009), \n                    \n                      http:\/\/www.blackhat.com\/presentations\/bh-usa-09\/MARLINSPIKE\/BHUSA09-Marlinspike-DefeatSSL-SLIDES.pdf"},{"key":"6_CR30","unstructured":"Niu, Y., Hsu, F., Chen, H.: iPhish: Phishing Vulnerabilities on Consumer Electronics. In: Usability, Psychology, and Security (2008)"},{"key":"6_CR31","unstructured":"Porter Felt, A., Wagner, D.: Phishing on mobile devices. In: Web 2.0 Security and Privay (2011)"},{"key":"6_CR32","unstructured":"Resig, J.: iPhone overflow clickjacking (November 2008), \n                    \n                      http:\/\/ejohn.org\/blog\/clickjacking-iphone-attack\/"},{"key":"6_CR33","doi-asserted-by":"crossref","unstructured":"Schechter, S., Dhamija, R., Ozment, A., Fischer, I.: The Emperor\u2019s New Security Indicators. In: IEEE Symposium on Security and Privacy (2007)","DOI":"10.1109\/SP.2007.35"},{"key":"6_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"411","DOI":"10.1007\/978-3-540-88313-5_27","volume-title":"Computer Security - ESORICS 2008","author":"J. Sobey","year":"2008","unstructured":"Sobey, J., Biddle, R., van Oorschot, P.C., Patrick, A.S.: Exploring User Reactions to New Browser Cues for Extended Validation Certificates. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol.\u00a05283, pp. 411\u2013427. Springer, Heidelberg (2008)"},{"key":"6_CR35","doi-asserted-by":"crossref","unstructured":"Stebila, D.: Reinforcing bad behaviour: the misuse of security indicators on popular websites. In: Proceedings of the 22nd Conference of the Computer-Human Interaction Special Interest Group of Australia on Computer-Human Interaction (2010)","DOI":"10.1145\/1952222.1952275"},{"key":"6_CR36","unstructured":"Sunshine, J., Egelman, S., Almuhimedi, H., Atri, N., Cranor, L.F.: 18th USENIX Security Symposium Crying Wolf: An Empirical Study of SSL Warning Effectiveness. Work (2009)"},{"key":"6_CR37","doi-asserted-by":"crossref","unstructured":"Vratonjic, N., Freudiger, J., Bindschaedler, V., Hubaux, J.P.: The inconvenient truth about web certificates. In: The Workshop on Economics of Information Security, WEIS (2011)","DOI":"10.1007\/978-1-4614-1981-5_5"},{"key":"6_CR38","unstructured":"Whalen, T., Inkpen, K.: Gathering evidence: use of visual security cues in web browsers. In: Proceedings of Graphics Interface (2005)"},{"key":"6_CR39","doi-asserted-by":"crossref","unstructured":"Ye, Z.E., Smith, S., Anthony, D.: Trusted paths for browsers. ACM Transactions on Information and System Security (TISSEC) (May 2005)","DOI":"10.1145\/1065545.1065546"}],"container-title":["Lecture Notes in Computer Science","Information Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-33383-5_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,7]],"date-time":"2019-05-07T04:28:53Z","timestamp":1557203333000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-33383-5_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012]]},"ISBN":["9783642333828","9783642333835"],"references-count":39,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-33383-5_6","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2012]]}}}