{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,17]],"date-time":"2025-10-17T13:31:27Z","timestamp":1760707887205,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":80,"publisher":"ACM","license":[{"start":{"date-parts":[[2007,10,28]],"date-time":"2007-10-28T00:00:00Z","timestamp":1193529600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2007,10,28]]},"DOI":"10.1145\/1315245.1315254","type":"proceedings-article","created":{"date-parts":[[2007,11,15]],"date-time":"2007-11-15T14:30:20Z","timestamp":1195137020000},"page":"58-71","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":64,"title":["Dynamic pharming attacks and locked same-origin policies for web browsers"],"prefix":"10.1145","author":[{"given":"Chris","family":"Karlof","sequence":"first","affiliation":[{"name":"UC Berkeley, Berkeley, CA"}]},{"given":"Umesh","family":"Shankar","sequence":"additional","affiliation":[{"name":"Google: Inc., New York, NY"}]},{"given":"J. D.","family":"Tygar","sequence":"additional","affiliation":[{"name":"UC Berkeley, Berkeley, CA"}]},{"given":"David","family":"Wagner","sequence":"additional","affiliation":[{"name":"UC Berkeley, Berkeley, CA"}]}],"member":"320","published-online":{"date-parts":[[2007,10,28]]},"reference":[{"key":"e_1_3_2_1_2_1","first-page":"323","volume-title":"Proceedings of the 16th USENIX Security Symposium","author":"Akritidis P.","year":"2007","unstructured":"P. Akritidis , W. Y. Chin , V. T. Lam , S. Sidiroglou , and K. G. Anagnostakis . Proximity Breeds Danger: Emerging Threats in Metro-area Wireless Networks . In Proceedings of the 16th USENIX Security Symposium , pages 323 -- 338 , August 2007 . P. Akritidis, W. Y. Chin, V. T. Lam, S. Sidiroglou, and K. G. Anagnostakis. Proximity Breeds Danger: Emerging Threats in Metro-area Wireless Networks. In Proceedings of the 16th USENIX Security Symposium, pages 323--338, August 2007."},{"key":"e_1_3_2_1_3_1","unstructured":"Anti-phishing working group. http:\/\/www.antiphishing.org\/.  Anti-phishing working group. http:\/\/www.antiphishing.org\/."},{"key":"e_1_3_2_1_4_1","unstructured":"Bank of America Sitekey: Online banking security. http:\/\/www.bankofamerica\/privacy\/sitekey\/.  Bank of America Sitekey: Online banking security. http:\/\/www.bankofamerica\/privacy\/sitekey\/."},{"key":"e_1_3_2_1_5_1","unstructured":"Stephen Bell. Invalid banking cert spooks only one user in 300. Computer World New Zealand http:\/\/www.computerworld.co.nz\/news.nsf\/NL\/-FCC8B6B48B24CDF2CC257002001%8FF73 May 2005.  Stephen Bell. Invalid banking cert spooks only one user in 300. Computer World New Zealand http:\/\/www.computerworld.co.nz\/news.nsf\/NL\/-FCC8B6B48B24CDF2CC257002001%8FF73 May 2005."},{"key":"e_1_3_2_1_6_1","first-page":"1","volume-title":"Proceedings of the 15th USENIX Security Symposium","author":"Chiasson Sonia","year":"2006","unstructured":"Sonia Chiasson , P. C. van Oorschot , and Robert Biddle . A usability study and critique of two password managers . In Proceedings of the 15th USENIX Security Symposium , pages 1 -- 16 , August 2006 . Sonia Chiasson, P. C. van Oorschot, and Robert Biddle. A usability study and critique of two password managers. In Proceedings of the 15th USENIX Security Symposium, pages 1--16, August 2006."},{"key":"e_1_3_2_1_7_1","unstructured":"Tyler Close. Petname tool. http:\/\/petname.mozdev.org\/.  Tyler Close. Petname tool. http:\/\/petname.mozdev.org\/."},{"key":"e_1_3_2_1_8_1","unstructured":"Tyler Close. Waterken YURL. http:\/\/www.waterken.com\/dev\/YURL\/httpsy\/.  Tyler Close. Waterken YURL. http:\/\/www.waterken.com\/dev\/YURL\/httpsy\/."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/1073001.1073009"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/1124772.1124861"},{"key":"e_1_3_2_1_11_1","unstructured":"Earthlink Toolbar Featuring ScamBlocker for Windows Users. http:\/\/www.earthlink.net\/software\/free\/toolbar\/.  Earthlink Toolbar Featuring ScamBlocker for Windows Users. http:\/\/www.earthlink.net\/software\/free\/toolbar\/."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0167-739X(99)00055-2"},{"key":"e_1_3_2_1_13_1","unstructured":"Alan O. Freier Philip Karlton and Paul C. Kocher. The SSL Protocol Version 3.0. http:\/\/wp.netscape.com\/eng\/ssl3\/ 1996.  Alan O. Freier Philip Karlton and Paul C. Kocher. The SSL Protocol Version 3.0. http:\/\/wp.netscape.com\/eng\/ssl3\/ 1996."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/506443.506577"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/506443.506510"},{"key":"e_1_3_2_1_16_1","first-page":"251","volume-title":"10th USENIX Security Symposium","author":"Fu Kevin","year":"2001","unstructured":"Kevin Fu , Emil Sit , Kendra Smith , and Nick Feamster . Dos and Don'ts of client authentication on the web . In 10th USENIX Security Symposium , pages 251 -- 268 , August 2001 . Kevin Fu, Emil Sit, Kendra Smith, and Nick Feamster. Dos and Don'ts of client authentication on the web. In 10th USENIX Security Symposium, pages 251--268, August 2001."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.5555\/647501.728165"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/503124.503156"},{"key":"e_1_3_2_1_20_1","unstructured":"David Goldsmith. How a 'Catch-22' Turns into a 'Shame on You'. http:\/\/isc.sans.org\/diary.html?storyid=1230 March 2006.  David Goldsmith. How a 'Catch-22' Turns into a 'Shame on You'. http:\/\/isc.sans.org\/diary.html?storyid=1230 March 2006."},{"key":"e_1_3_2_1_21_1","unstructured":"Anti-Phishing Working Group. Ebay - Update Your Account MITM attack. http:\/\/www.antiphishing.org\/phishing_archive\/05-03-05_Ebay\/05-03-05_Eba%y.html.  Anti-Phishing Working Group. Ebay - Update Your Account MITM attack. http:\/\/www.antiphishing.org\/phishing_archive\/05-03-05_Ebay\/05-03-05_Eba%y.html."},{"key":"e_1_3_2_1_22_1","unstructured":"Princeton Secure Internet Programming Group. DNS attack scenario. http:\/\/www.cs.princeton.edu\/sip\/news\/dns-scenario.html February 1996.  Princeton Secure Internet Programming Group. DNS attack scenario. http:\/\/www.cs.princeton.edu\/sip\/news\/dns-scenario.html February 1996."},{"key":"e_1_3_2_1_23_1","volume-title":"AusCERT Asia Pacific Information Technology Security Conference 2004","author":"Gutmann Peter","year":"2004","unstructured":"Peter Gutmann . Why isn't the Internet secure yet, dammit . In AusCERT Asia Pacific Information Technology Security Conference 2004 , May 2004 . Peter Gutmann. Why isn't the Internet secure yet, dammit. In AusCERT Asia Pacific Information Technology Security Conference 2004, May 2004."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/1060745.1060815"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"crossref","unstructured":"Russell Housley Warwick Ford Tim Polk and David Solo. Internet X.509 public key infrastructure certificate and Certificate Revocation List (CRL) profile.http:\/\/tools.ietf.org\/html\/rfc3280 2002.   Russell Housley Warwick Ford Tim Polk and David Solo. Internet X.509 public key infrastructure certificate and Certificate Revocation List (CRL) profile.http:\/\/tools.ietf.org\/html\/rfc3280 2002.","DOI":"10.17487\/rfc3280"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/988672.988679"},{"key":"e_1_3_2_1_28_1","unstructured":"ING direct privacy center. https:\/\/home.ingdirect.com\/privacy\/privacy_security.asp?s=newsecurityfe%ature.  ING direct privacy center. https:\/\/home.ingdirect.com\/privacy\/privacy_security.asp?s=newsecurityfe%ature."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315298"},{"key":"e_1_3_2_1_30_1","volume-title":"Adam Barth. An Evaluation of Extended Validation and Picture-in-Picture Phishing Attacks. In Proceedings of Usable Security (USEC '07)","author":"Jackson Collin","year":"2007","unstructured":"Collin Jackson , Daniel R. Simon , Desney S. Tan , and Adam Barth. An Evaluation of Extended Validation and Picture-in-Picture Phishing Attacks. In Proceedings of Usable Security (USEC '07) , February 2007 . Collin Jackson, Daniel R. Simon, Desney S. Tan, and Adam Barth. An Evaluation of Extended Validation and Picture-in-Picture Phishing Attacks. In Proceedings of Usable Security (USEC '07), February 2007."},{"key":"e_1_3_2_1_31_1","unstructured":"Martin Johns. On XSRF and Why You Should Care. Talk at the PacSec 2006 conference http:\/\/www.informatik.uni-hamburg.de\/SVS\/personnel\/martin\/psj06johns-e.%pdf November 2006.  Martin Johns. On XSRF and Why You Should Care. Talk at the PacSec 2006 conference http:\/\/www.informatik.uni-hamburg.de\/SVS\/personnel\/martin\/psj06johns-e.%pdf November 2006."},{"key":"e_1_3_2_1_32_1","volume-title":"August","author":"Johns Martin","year":"2006","unstructured":"Martin Johns . (Somewhat) breaking the same-origin policy by undermining DNS pinning. http:\/\/shampoo.antville.org\/stories\/1451301\/ , August 2006 . Martin Johns. (Somewhat) breaking the same-origin policy by undermining DNS pinning. http:\/\/shampoo.antville.org\/stories\/1451301\/, August 2006."},{"key":"e_1_3_2_1_33_1","unstructured":"Martin Johns. Using Java in anti DNS-pinning attacks. http:\/\/shampoo.antville.org\/stories\/1566124\/ February 2007.  Martin Johns. Using Java in anti DNS-pinning attacks. http:\/\/shampoo.antville.org\/stories\/1566124\/ February 2007."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/SECCOMW.2006.359531"},{"key":"e_1_3_2_1_36_1","volume-title":"January","author":"DNS","year":"2007","unstructured":"Kanatoko. Anti- DNS Pinning (DNS Rebinding) + Socket in FLASH. http:\/\/www.jumperz.net\/index.php?i=2&a=3&b=3 , January 2007 . Kanatoko. Anti-DNS Pinning (DNS Rebinding) + Socket in FLASH. http:\/\/www.jumperz.net\/index.php?i=2&a=3&b=3, January 2007."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.5555\/648022.757285"},{"key":"e_1_3_2_1_39_1","first-page":"271","volume-title":"Proceedings of the 14th USENIX Security Symposium","author":"Benjamin Livshits V.","year":"2005","unstructured":"V. Benjamin Livshits and Monica S. Lam . Finding security vulnerabilities in Java applications using static analysis . In Proceedings of the 14th USENIX Security Symposium , pages 271 -- 286 , August 2005 . V. Benjamin Livshits and Monica S. Lam. Finding security vulnerabilities in Java applications using static analysis. In Proceedings of the 14th USENIX Security Symposium, pages 271--286, August 2005."},{"key":"e_1_3_2_1_40_1","unstructured":"Uriel Maimon. Universal Man-in-the-Middle Phishing Kit - why is this even news? http:\/\/www.rsa.com\/blog\/entry.asp?id=1160.  Uriel Maimon. Universal Man-in-the-Middle Phishing Kit - why is this even news? http:\/\/www.rsa.com\/blog\/entry.asp?id=1160."},{"key":"e_1_3_2_1_41_1","volume-title":"Sean Smith. WSKE: Web Server Key Enabled Cookies. In Proceedings of Usable Security (USEC)","author":"Masone Chris","year":"2007","unstructured":"Chris Masone , Kwang-Hyun Baek , and Sean Smith. WSKE: Web Server Key Enabled Cookies. In Proceedings of Usable Security (USEC) , February 2007 . Chris Masone, Kwang-Hyun Baek, and Sean Smith. WSKE: Web Server Key Enabled Cookies. In Proceedings of Usable Security (USEC), February 2007."},{"key":"e_1_3_2_1_42_1","unstructured":"Adam Megacz. XWT Foundation Advisory: Firewall circumvention possible with all browsers. http:\/\/www.megacz.com\/research\/papers\/sop.txt July 2002.  Adam Megacz. XWT Foundation Advisory: Firewall circumvention possible with all browsers. http:\/\/www.megacz.com\/research\/papers\/sop.txt July 2002."},{"key":"e_1_3_2_1_43_1","unstructured":"Microsoft. Better Website Identification and Extended Validation Certificates in IE7 and Other Browsers. http:\/\/blogs.msdn.com\/ie\/archive\/2005\/11\/21\/495507.aspx.  Microsoft. Better Website Identification and Extended Validation Certificates in IE7 and Other Browsers. http:\/\/blogs.msdn.com\/ie\/archive\/2005\/11\/21\/495507.aspx."},{"key":"e_1_3_2_1_44_1","unstructured":"Microsoft. Mitigating cross-site scripting with HTTP-only cookies. http:\/\/msdn.microsoft.com\/workshop\/author\/dhtml\/httponly_cookies.asp.  Microsoft. Mitigating cross-site scripting with HTTP-only cookies. http:\/\/msdn.microsoft.com\/workshop\/author\/dhtml\/httponly_cookies.asp."},{"key":"e_1_3_2_1_45_1","unstructured":"Microsoft. Microsoft security bulletin MS01-017: Erroneous VeriSign-issued digital certificates pose spoofing hazard. http:\/\/www.microsoft.com\/technet\/security\/Bulletin\/MS01-017.mspx March 2001.  Microsoft. Microsoft security bulletin MS01-017: Erroneous VeriSign-issued digital certificates pose spoofing hazard. http:\/\/www.microsoft.com\/technet\/security\/Bulletin\/MS01-017.mspx March 2001."},{"key":"e_1_3_2_1_46_1","unstructured":"Mozilla Bugzilla bug 149943 - Princeton-like exploit may be possible. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=149943.  Mozilla Bugzilla bug 149943 - Princeton-like exploit may be possible. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=149943."},{"key":"e_1_3_2_1_47_1","unstructured":"Mozilla Bugzilla bug 162871 - DNS: problems with new DNS cache (\"pinning\" forever). https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=162871.  Mozilla Bugzilla bug 162871 - DNS: problems with new DNS cache (\"pinning\" forever). https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=162871."},{"key":"e_1_3_2_1_48_1","unstructured":"Mozilla Bugzilla bug 205726 - nsDnsService rewrite. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=205726.  Mozilla Bugzilla bug 205726 - nsDnsService rewrite. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=205726."},{"key":"e_1_3_2_1_49_1","unstructured":"Mozilla Bugzilla bug 245609 - Mozilla not getting certificate issuer from Authority Information Access CA Issuers June 2004.  Mozilla Bugzilla bug 245609 - Mozilla not getting certificate issuer from Authority Information Access CA Issuers June 2004."},{"volume-title":"March","year":"2007","key":"e_1_3_2_1_50_1","unstructured":"mozilla.dev.security. VeriSign Class 3 Secure Server CA http:\/\/groups.google.com\/group\/mozilla.dev.security\/browse_thread\/threa%d\/6830a8566de24547\/0be9dea1c274d0c5 , March 2007 . mozilla.dev.security. VeriSign Class 3 Secure Server CA http:\/\/groups.google.com\/group\/mozilla.dev.security\/browse_thread\/threa%d\/6830a8566de24547\/0be9dea1c274d0c5, March 2007."},{"key":"e_1_3_2_1_51_1","unstructured":"mozilla.org. The same-origin policy. http:\/\/www.mozilla.org\/projects\/security\/components\/same-origin.html.  mozilla.org. The same-origin policy. http:\/\/www.mozilla.org\/projects\/security\/components\/same-origin.html."},{"key":"e_1_3_2_1_52_1","unstructured":"Netcraft anti-phishing toolbar. http:\/\/toolbar.netcraft.com\/.  Netcraft anti-phishing toolbar. http:\/\/toolbar.netcraft.com\/."},{"key":"e_1_3_2_1_53_1","unstructured":"Gunter Ollmann. The pharming guide. http:\/\/www.ngssoftware.com\/papers\/ThePharmingGuide.pdf.  Gunter Ollmann. The pharming guide. http:\/\/www.ngssoftware.com\/papers\/ThePharmingGuide.pdf."},{"key":"e_1_3_2_1_54_1","volume-title":"Di Paola and Giorgio Fedon. Subverting Ajax. In 23rd Chaos Communication Congress","author":"Stefano","year":"2006","unstructured":"Stefano Di Paola and Giorgio Fedon. Subverting Ajax. In 23rd Chaos Communication Congress , December 2006 . Stefano Di Paola and Giorgio Fedon. Subverting Ajax. In 23rd Chaos Communication Congress, December 2006."},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1007\/11889663_1"},{"key":"e_1_3_2_1_56_1","unstructured":"Washington Post. Citibank Phish Spoofs 2-Factor Authentication. http:\/\/blog.washingtonpost.com\/securityfix\/2006\/07\/citibank_phish_spoof%s_2factor_1.html.  Washington Post. Citibank Phish Spoofs 2-Factor Authentication. http:\/\/blog.washingtonpost.com\/securityfix\/2006\/07\/citibank_phish_spoof%s_2factor_1.html."},{"key":"e_1_3_2_1_57_1","unstructured":"Washington Post. Not Your Average Phishing Scam. http:\/\/blog.washingtonpost.com\/securityfix\/2007\/01\/not_your_average_ama%zon_phishi.html.  Washington Post. Not Your Average Phishing Scam. http:\/\/blog.washingtonpost.com\/securityfix\/2007\/01\/not_your_average_ama%zon_phishi.html."},{"key":"e_1_3_2_1_58_1","unstructured":"PTFB Pro. http:\/\/www.ptfbpro.com\/.  PTFB Pro. http:\/\/www.ptfbpro.com\/."},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.5555\/1251086.1251121"},{"key":"e_1_3_2_1_60_1","volume-title":"Proceedings of the Second Annual Workshop on Economics and Information Security","author":"Rosasco Nicholas","year":"2003","unstructured":"Nicholas Rosasco and David Larochelle . How and why more secure technologies succeed in legacy markets: Lessons from the success of SSH . In Proceedings of the Second Annual Workshop on Economics and Information Security , May 2003 . Nicholas Rosasco and David Larochelle. How and why more secure technologies succeed in legacy markets: Lessons from the success of SSH. In Proceedings of the Second Annual Workshop on Economics and Information Security, May 2003."},{"key":"e_1_3_2_1_61_1","volume-title":"RSA conference","author":"Roskind Jim","year":"2001","unstructured":"Jim Roskind . Attacks against the netscape browser. Invited talk , RSA conference , April 2001 . Jim Roskind. Attacks against the netscape browser. Invited talk, RSA conference, April 2001."},{"key":"e_1_3_2_1_62_1","first-page":"17","volume-title":"Proceedings of the 14th USENIX Security Symposium","author":"Ross Blake","year":"2005","unstructured":"Blake Ross , Collin Jackson , Nicholas Miyake , Dan Boneh , and John C. Mitchell . Stronger password authentication using browser extensions . In Proceedings of the 14th USENIX Security Symposium , pages 17 -- 32 , August 2005 . Blake Ross, Collin Jackson, Nicholas Miyake, Dan Boneh, and John C. Mitchell. Stronger password authentication using browser extensions. In Proceedings of the 14th USENIX Security Symposium, pages 17--32, August 2005."},{"key":"e_1_3_2_1_63_1","volume-title":"December","author":"Santesson Stefan","year":"2005","unstructured":"Stefan Santesson and Russell Housley . Internet X.509 Public Key Infrastructure Authority Information Access Certificate Revocation List (CRL) Extension . http:\/\/www.ietf.org\/rfc\/rfc4325.txt , December 2005 . Stefan Santesson and Russell Housley. Internet X.509 Public Key Infrastructure Authority Information Access Certificate Revocation List (CRL) Extension. http:\/\/www.ietf.org\/rfc\/rfc4325.txt, December 2005."},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2007.35"},{"key":"e_1_3_2_1_65_1","unstructured":"Security Space and E-Soft. Secure Server Survey. http:\/\/www.securityspace.com\/s_survey\/sdata\/200704\/certca.html May 2007.  Security Space and E-Soft. Secure Server Survey. http:\/\/www.securityspace.com\/s_survey\/sdata\/200704\/certca.html May 2007."},{"key":"e_1_3_2_1_66_1","volume-title":"The 33rd Research Conference on Communication, Information, and Internet Policy","author":"Shah Rajiv","year":"2005","unstructured":"Rajiv Shah and Christian Sandvig . Software Defaults as De Facto Regulation: The Case of the Wireless Internet . In The 33rd Research Conference on Communication, Information, and Internet Policy , September 2005 . Rajiv Shah and Christian Sandvig. Software Defaults as De Facto Regulation: The Case of the Wireless Internet. In The 33rd Research Conference on Communication, Information, and Internet Policy, September 2005."},{"key":"e_1_3_2_1_67_1","unstructured":"Christopher Soghoian and Markus Jakobsson. A Deceit-Augmented Man In The Middle Attack Against Bankof America's SiteKey Service. http:\/\/paranoia.dubfire.net\/2007\/04\/deceit-augmented-man-in-middle-atta%ck.html April 2007.  Christopher Soghoian and Markus Jakobsson. A Deceit-Augmented Man In The Middle Attack Against Bankof America's SiteKey Service. http:\/\/paranoia.dubfire.net\/2007\/04\/deceit-augmented-man-in-middle-atta%ck.html April 2007."},{"key":"e_1_3_2_1_68_1","unstructured":"Josh Soref. DNS: Spoofing and Pinning. http:\/\/viper.haque.net\/~timeless\/blog\/11\/.  Josh Soref. DNS: Spoofing and Pinning. http:\/\/viper.haque.net\/~timeless\/blog\/11\/."},{"key":"e_1_3_2_1_69_1","unstructured":"Spoofstick. http:\/\/www.spoofstick.com\/.  Spoofstick. http:\/\/www.spoofstick.com\/."},{"key":"e_1_3_2_1_71_1","unstructured":"Win Treese and Eric Rescorla. The Transport Layer Security (TLS) Protocol Version 1.1. http:\/\/tools.ietf.org\/html\/rfc4346 2006.  Win Treese and Eric Rescorla. The Transport Layer Security (TLS) Protocol Version 1.1. http:\/\/tools.ietf.org\/html\/rfc4346 2006."},{"key":"e_1_3_2_1_72_1","volume-title":"Models of Trust for the Web Workshop at the 15th International World Wide Web Conference (WWW2006)","author":"Tsow Alex","year":"2006","unstructured":"Alex Tsow . Phishing with consumer electronics - malicious home routers . In Models of Trust for the Web Workshop at the 15th International World Wide Web Conference (WWW2006) , May 2006 . Alex Tsow. Phishing with consumer electronics - malicious home routers. In Models of Trust for the Web Workshop at the 15th International World Wide Web Conference (WWW2006), May 2006."},{"key":"e_1_3_2_1_73_1","doi-asserted-by":"publisher","DOI":"10.1080\/15567280600995832"},{"key":"e_1_3_2_1_74_1","unstructured":"Vanguard security center. https:\/\/flagship.vanguard.com\/VGApp\/hnw\/content\/UtilityBar\/SiteHelp\/Sit%eHelp\/SecurityCenterOverviewContent.jsp.  Vanguard security center. https:\/\/flagship.vanguard.com\/VGApp\/hnw\/content\/UtilityBar\/SiteHelp\/Sit%eHelp\/SecurityCenterOverviewContent.jsp."},{"key":"e_1_3_2_1_75_1","unstructured":"VeriSign. Licensing VeriSign Certificates Securing Multiple Web Server and Domain Configurations. http:\/\/www.verisign.com\/static\/001496.pdf June 2005.  VeriSign. Licensing VeriSign Certificates Securing Multiple Web Server and Domain Configurations. http:\/\/www.verisign.com\/static\/001496.pdf June 2005."},{"key":"e_1_3_2_1_76_1","unstructured":"VivilProject. List of public DNS servers.  VivilProject. List of public DNS servers."},{"key":"e_1_3_2_1_77_1","doi-asserted-by":"publisher","DOI":"10.1145\/1124772.1124863"},{"key":"e_1_3_2_1_78_1","doi-asserted-by":"publisher","DOI":"10.1145\/1143120.1143133"},{"key":"e_1_3_2_1_79_1","first-page":"179","volume-title":"Proceedings of the 15th USENIX Security Symposium","author":"Xie Yichen","year":"2006","unstructured":"Yichen Xie and Alex Aiken . Static detection of security vulnerabilities in scripting languages . In Proceedings of the 15th USENIX Security Symposium , pages 179 -- 192 , August 2006 . Yichen Xie and Alex Aiken. Static detection of security vulnerabilities in scripting languages. In Proceedings of the 15th USENIX Security Symposium, pages 179--192, August 2006."},{"key":"e_1_3_2_1_80_1","first-page":"121","volume-title":"Proceedings of the 15th USENIX Security Symposium","author":"Xu Wei","year":"2006","unstructured":"Wei Xu , Sandeep Bhatkar , and R. Sekar . Taint-enhanced policy enforcement: A practical approach to defeat a wide range of attacks . In Proceedings of the 15th USENIX Security Symposium , pages 121 -- 136 , August 2006 . Wei Xu, Sandeep Bhatkar, and R. Sekar. Taint-enhanced policy enforcement: A practical approach to defeat a wide range of attacks. In Proceedings of the 15th USENIX Security Symposium, pages 121--136, August 2006."},{"key":"e_1_3_2_1_81_1","unstructured":"Yahoo sign-in seal. http:\/\/security.yahoo.com\/.  Yahoo sign-in seal. http:\/\/security.yahoo.com\/."},{"key":"e_1_3_2_1_82_1","doi-asserted-by":"publisher","DOI":"10.5555\/647253.720283"},{"key":"e_1_3_2_1_83_1","doi-asserted-by":"publisher","DOI":"10.1145\/1143120.1143126"},{"key":"e_1_3_2_1_84_1","first-page":"37","volume-title":"Proceedings of the 6th USENIX Security Symposium","author":"Ylonen Tatu","year":"1996","unstructured":"Tatu Ylonen . SSH - secure login connections over the Internet . In Proceedings of the 6th USENIX Security Symposium , pages 37 -- 42 , 1996 . Tatu Ylonen. SSH - secure login connections over the Internet. In Proceedings of the 6th USENIX Security Symposium, pages 37--42, 1996."},{"key":"e_1_3_2_1_85_1","volume-title":"July","author":"Youll Jim","year":"2006","unstructured":"Jim Youll . Fraud vulnerabilities in SiteKey security at Bank of America. cr-labs.com\/publications\/SiteKey-20060718.pdf , July 2006 . Jim Youll. Fraud vulnerabilities in SiteKey security at Bank of America. cr-labs.com\/publications\/SiteKey-20060718.pdf, July 2006."},{"key":"e_1_3_2_1_86_1","volume-title":"Proceedings of the 14th Annual Network and Distributed System Security Symposium (NDSS 2007)","author":"Zhang Yue","year":"2007","unstructured":"Yue Zhang , Serge Egelman , Lorrie Faith Cranor , and Jason Hong . Phinding phish : Evaluating anti-phishing tools . In Proceedings of the 14th Annual Network and Distributed System Security Symposium (NDSS 2007) , February 2007 . Yue Zhang, Serge Egelman, Lorrie Faith Cranor, and Jason Hong. Phinding phish: Evaluating anti-phishing tools. In Proceedings of the 14th Annual Network and Distributed System Security Symposium (NDSS 2007), February 2007."}],"event":{"name":"CCS07: 14th ACM Conference on Computer and Communications Security 2007","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control","ACM Association for Computing Machinery"],"location":"Alexandria Virginia USA","acronym":"CCS07"},"container-title":["Proceedings of the 14th ACM conference on Computer and communications security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1315245.1315254","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1315245.1315254","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T13:56:12Z","timestamp":1750254972000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1315245.1315254"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2007,10,28]]},"references-count":80,"alternative-id":["10.1145\/1315245.1315254","10.1145\/1315245"],"URL":"https:\/\/doi.org\/10.1145\/1315245.1315254","relation":{},"subject":[],"published":{"date-parts":[[2007,10,28]]},"assertion":[{"value":"2007-10-28","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}