{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:39:32Z","timestamp":1750307972140,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":45,"publisher":"ACM","license":[{"start":{"date-parts":[[2007,10,28]],"date-time":"2007-10-28T00:00:00Z","timestamp":1193529600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2007,10,28]]},"DOI":"10.1145\/1315245.1315298","type":"proceedings-article","created":{"date-parts":[[2007,11,15]],"date-time":"2007-11-15T14:30:20Z","timestamp":1195137020000},"page":"421-431","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":33,"title":["Protecting browsers from dns rebinding attacks"],"prefix":"10.1145","author":[{"given":"Collin","family":"Jackson","sequence":"first","affiliation":[{"name":"Stanford University, Stanford, CA"}]},{"given":"Adam","family":"Barth","sequence":"additional","affiliation":[{"name":"Stanford University, Stanford, CA"}]},{"given":"Andrew","family":"Bortz","sequence":"additional","affiliation":[{"name":"Stanford University, Stanford, CA"}]},{"given":"Weidong","family":"Shao","sequence":"additional","affiliation":[{"name":"Stanford University, Stanford, CA"}]},{"given":"Dan","family":"Boneh","sequence":"additional","affiliation":[{"name":"Stanford University, Stanford, CA"}]}],"member":"320","published-online":{"date-parts":[[2007,10,28]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Adobe. Flash Player Penetration. http:\/\/www.adobe.com\/products\/player_census\/flashplayer\/.  Adobe. Flash Player Penetration. http:\/\/www.adobe.com\/products\/player_census\/flashplayer\/."},{"key":"e_1_3_2_1_2_1","unstructured":"Adobe. Adobe flash player 9 security. http:\/\/www.adobe.com\/devnet\/flashplayer\/articles\/flash_player_9_securit%y.pdf July 2006.  Adobe. Adobe flash player 9 security. http:\/\/www.adobe.com\/devnet\/flashplayer\/articles\/flash_player_9_securit%y.pdf July 2006."},{"key":"e_1_3_2_1_3_1","unstructured":"Alexa. Top sites. http:\/\/www.alexa.com\/site\/ds\/top_sites?ts_mode=global.  Alexa. Top sites. http:\/\/www.alexa.com\/site\/ds\/top_sites?ts_mode=global."},{"key":"e_1_3_2_1_4_1","unstructured":"K. Anvil. Anti-DNS pinning + socket in flash. http:\/\/www.jumperz.net\/ 2007.  K. Anvil. Anti-DNS pinning + socket in flash. http:\/\/www.jumperz.net\/ 2007."},{"key":"e_1_3_2_1_5_1","volume-title":"Proc. Usenix","author":"Cheswick W.","year":"1996","unstructured":"W. Cheswick and S. Bellovin . A DNS filter and switch for packet-filtering gateways . In Proc. Usenix , 1996 . W. Cheswick and S. Bellovin. A DNS filter and switch for packet-filtering gateways. In Proc. Usenix, 1996."},{"key":"e_1_3_2_1_6_1","volume-title":"Proc. NDSS","author":"Chou N.","year":"2004","unstructured":"N. Chou , R. Ledesma , Y. Teraguchi , and J. Mitchell . Client-side defense against web-based identity theft . In Proc. NDSS , 2004 . N. Chou, R. Ledesma, Y. Teraguchi, and J. Mitchell. Client-side defense against web-based identity theft. In Proc. NDSS, 2004."},{"key":"e_1_3_2_1_7_1","volume-title":"Proc. HotBots","author":"Daswani N.","year":"2007","unstructured":"N. Daswani , M. Stoppelman , The anatomy of Clickbot.A . In Proc. HotBots , 2007 . N. Daswani, M. Stoppelman, et al. The anatomy of Clickbot.A. In Proc. HotBots, 2007."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.5555\/525080.884266"},{"key":"e_1_3_2_1_9_1","volume-title":"December","author":"Edwards D.","year":"2005","unstructured":"D. Edwards . Your MOMA knows best , December 2005 . http:\/\/xooglers.blogspot.com\/2005\/12\/your-moma-knows-best.html. D. Edwards. Your MOMA knows best, December 2005. http:\/\/xooglers.blogspot.com\/2005\/12\/your-moma-knows-best.html."},{"key":"e_1_3_2_1_10_1","volume-title":"January","author":"Fenzi K.","year":"2004","unstructured":"K. Fenzi and D. Wreski . Linux security HOWTO , January 2004 . K. Fenzi and D. Wreski. Linux security HOWTO, January 2004."},{"key":"e_1_3_2_1_11_1","volume-title":"Hypertext Transfer Protocol. HTTP\/1.1. RFC","author":"Fielding R.","year":"1999","unstructured":"R. Fielding , J. Gettys , J. Mogul , H. Frystyk , L. Masinter , P. Leach , and T. Berners-Lee . Hypertext Transfer Protocol. HTTP\/1.1. RFC 2616, June 1999 . R. Fielding, J. Gettys, J. Mogul, H. Frystyk, L. Masinter, P. Leach, and T. Berners-Lee. Hypertext Transfer Protocol. HTTP\/1.1. RFC 2616, June 1999."},{"key":"e_1_3_2_1_12_1","unstructured":"D. Fisher 2007. Personal communication.  D. Fisher 2007. Personal communication."},{"key":"e_1_3_2_1_13_1","unstructured":"D. Fisher et al. Problems with new DNS cache (\"pinning\" forever). https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=162871.  D. Fisher et al. Problems with new DNS cache (\"pinning\" forever). https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=162871."},{"key":"e_1_3_2_1_14_1","volume-title":"man pleads guilty to felony hacking","author":"Goodin D.","year":"2005","unstructured":"D. Goodin . Calif. man pleads guilty to felony hacking . Associated Press , Janurary 2005 . D. Goodin. Calif. man pleads guilty to felony hacking. Associated Press, Janurary 2005."},{"key":"e_1_3_2_1_15_1","unstructured":"Google. dnswall.http:\/\/code.google.com\/p\/google-dnswall\/.  Google. dnswall.http:\/\/code.google.com\/p\/google-dnswall\/."},{"volume-title":"Google Safe Browsing for Firefox","year":"2005","key":"e_1_3_2_1_16_1","unstructured":"Google. Google Safe Browsing for Firefox , 2005 . http:\/\/www.google.com\/tools\/firefox\/safebrowsing\/. Google. Google Safe Browsing for Firefox, 2005. http:\/\/www.google.com\/tools\/firefox\/safebrowsing\/."},{"key":"e_1_3_2_1_17_1","unstructured":"S. Grimm et al. Setting document.domain doesn't match an implicit parent domain. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=183143.  S. Grimm et al. Setting document.domain doesn't match an implicit parent domain. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=183143."},{"key":"e_1_3_2_1_18_1","volume-title":"Blackhat USA","author":"Grossman J.","year":"2006","unstructured":"J. Grossman and T. Niedzialkowski . Hacking intranet websites from the outside: JavaScript malware just got a lot more dangerous . In Blackhat USA , August 2006 . Invited talk. J. Grossman and T. Niedzialkowski. Hacking intranet websites from the outside: JavaScript malware just got a lot more dangerous. In Blackhat USA, August 2006. Invited talk."},{"key":"e_1_3_2_1_19_1","unstructured":"I. Hickson et al. HTML 5 Working Draft. http:\/\/www.whatwg.org\/specs\/web-apps\/current-work\/.  I. Hickson et al. HTML 5 Working Draft. http:\/\/www.whatwg.org\/specs\/web-apps\/current-work\/."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/1135777.1135884"},{"key":"e_1_3_2_1_21_1","unstructured":"M. Johns. (somewhat) breaking the same-origin policy by undermining DNS pinning August 2006. http:\/\/shampoo.antville.org\/stories\/1451301\/.  M. Johns. (somewhat) breaking the same-origin policy by undermining DNS pinning August 2006. http:\/\/shampoo.antville.org\/stories\/1451301\/."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-73614-1_3"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315254"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/1180405.1180434"},{"key":"e_1_3_2_1_25_1","unstructured":"G. Maone. DNS Spoofing\/Pinning. http:\/\/sla.ckers.org\/forum\/read.php?6 4511 14500.  G. Maone. DNS Spoofing\/Pinning. http:\/\/sla.ckers.org\/forum\/read.php?6 4511 14500."},{"key":"e_1_3_2_1_26_1","unstructured":"G. Maone. NoScript. http:\/\/noscript.net\/.  G. Maone. NoScript. http:\/\/noscript.net\/."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.5555\/1785594.1785634"},{"key":"e_1_3_2_1_28_1","unstructured":"A. Megacz. XWT Foundation Security Advisory. http:\/\/xwt.org\/research\/papers\/sop.txt.  A. Megacz. XWT Foundation Security Advisory. http:\/\/xwt.org\/research\/papers\/sop.txt."},{"key":"e_1_3_2_1_29_1","unstructured":"A. Megacz and D. Meketa. X-RequestOrigin. http:\/\/www.xwt.org\/x-requestorigin.txt.  A. Megacz and D. Meketa. X-RequestOrigin. http:\/\/www.xwt.org\/x-requestorigin.txt."},{"volume-title":"January","year":"2004","key":"e_1_3_2_1_30_1","unstructured":"Microsoft. Microsoft Web Enterprise Portal , January 2004 . http:\/\/www.microsoft.com\/technet\/itshowcase\/content\/MSWebTWP.mspx. Microsoft. Microsoft Web Enterprise Portal, January 2004. http:\/\/www.microsoft.com\/technet\/itshowcase\/content\/MSWebTWP.mspx."},{"volume-title":"Microsoft phishing filter: A new approach to building trust in e-commerce content","year":"2005","key":"e_1_3_2_1_31_1","unstructured":"Microsoft. Microsoft phishing filter: A new approach to building trust in e-commerce content , 2005 . Microsoft. Microsoft phishing filter: A new approach to building trust in e-commerce content, 2005."},{"key":"e_1_3_2_1_32_1","volume-title":"Domain Names. Implementation and Specification. IETF RFC","author":"Mockapetris P.","year":"1987","unstructured":"P. Mockapetris . Domain Names. Implementation and Specification. IETF RFC 1035, November 1987 . P. Mockapetris. Domain Names. Implementation and Specification. IETF RFC 1035, November 1987."},{"key":"e_1_3_2_1_33_1","unstructured":"C. Nuuja (Adobe) 2007. Personal communication.  C. Nuuja (Adobe) 2007. Personal communication."},{"key":"e_1_3_2_1_34_1","unstructured":"G. Ollmann. The pharming guide. http:\/\/www.ngssoftware.com\/papers\/ThePharmingGuide.pdf August 2005.  G. Ollmann. The pharming guide. http:\/\/www.ngssoftware.com\/papers\/ThePharmingGuide.pdf August 2005."},{"key":"e_1_3_2_1_35_1","volume-title":"Address Allocation for Private Internets. IETF RFC 1918","author":"Rekhter Y.","year":"1996","unstructured":"Y. Rekhter , B. Moskowitz , D. Karrenberg , G. J. de Groot , and E. Lear . Address Allocation for Private Internets. IETF RFC 1918 , February 1996 . Y. Rekhter, B. Moskowitz, D. Karrenberg, G. J. de Groot, and E. Lear. Address Allocation for Private Internets. IETF RFC 1918, February 1996."},{"key":"e_1_3_2_1_36_1","volume-title":"RSA Conference","author":"Roskind J.","year":"2001","unstructured":"J. Roskind . Attacks against the Netscape browser . In RSA Conference , April 2001 . Invited talk. J. Roskind. Attacks against the Netscape browser. In RSA Conference, April 2001. Invited talk."},{"key":"e_1_3_2_1_37_1","volume-title":"http:\/\/blogs.msdn.com\/dross\/archive\/2007\/07\/09\/notes-on-dns-pinning.aspx","author":"Ross D.","year":"2007","unstructured":"D. Ross . Notes on DNS pinning. http:\/\/blogs.msdn.com\/dross\/archive\/2007\/07\/09\/notes-on-dns-pinning.aspx , 2007 . D. Ross. Notes on DNS pinning. http:\/\/blogs.msdn.com\/dross\/archive\/2007\/07\/09\/notes-on-dns-pinning.aspx, 2007."},{"key":"e_1_3_2_1_38_1","unstructured":"J. Ruderman. JavaScript Security: Same Origin. http:\/\/www.mozilla.org\/projects\/security\/components\/same-origin.html.  J. Ruderman. JavaScript Security: Same Origin. http:\/\/www.mozilla.org\/projects\/security\/components\/same-origin.html."},{"volume-title":"The spamhaus block list","year":"2007","key":"e_1_3_2_1_39_1","unstructured":"Spamhaus. The spamhaus block list , 2007 . http:\/\/www.spamhaus.org\/sbl\/. Spamhaus. The spamhaus block list, 2007. http:\/\/www.spamhaus.org\/sbl\/."},{"key":"e_1_3_2_1_41_1","volume-title":"August","author":"Topf J.","year":"2001","unstructured":"J. Topf . HTML Form Protocol Attack , August 2001 . http:\/\/www.remote.org\/jochen\/sec\/hfpa\/hfpa.pdf. J. Topf. HTML Form Protocol Attack, August 2001. http:\/\/www.remote.org\/jochen\/sec\/hfpa\/hfpa.pdf."},{"key":"e_1_3_2_1_42_1","unstructured":"D. Veditz et al. document.domain abused to access hosts behind firewall. https:\/\/bugzilla.mozilla.org\/show bug.cgi?id=154930.  D. Veditz et al. document.domain abused to access hosts behind firewall. https:\/\/bugzilla.mozilla.org\/show bug.cgi?id=154930."},{"key":"e_1_3_2_1_43_1","unstructured":"W3C. The XMLHttpRequest Object February 2007. http:\/\/www.w3.org\/TR\/XMLHttpRequest\/.  W3C. The XMLHttpRequest Object February 2007. http:\/\/www.w3.org\/TR\/XMLHttpRequest\/."},{"key":"e_1_3_2_1_44_1","volume-title":"Reuters","author":"Warner B.","year":"2004","unstructured":"B. Warner . Home PCs rented out in sabotage-for-hire racket . Reuters , July 2004 . B. Warner. Home PCs rented out in sabotage-for-hire racket. Reuters, July 2004."},{"key":"e_1_3_2_1_45_1","unstructured":"J. Winter and M. Johns. LocalRodeo: Client-side protection against JavaScript Malware. http:\/\/databasement.net\/labs\/localrodeo\/ 2007.  J. Winter and M. Johns. LocalRodeo: Client-side protection against JavaScript Malware. http:\/\/databasement.net\/labs\/localrodeo\/ 2007."},{"key":"e_1_3_2_1_46_1","volume-title":"Sender Policy Framework (SPF) for Authorizing Use of Domains in E-Mail. IETF RFC","author":"Wong M.","year":"2006","unstructured":"M. Wong and W. Schlitt . Sender Policy Framework (SPF) for Authorizing Use of Domains in E-Mail. IETF RFC 4408, April 2006 . M. Wong and W. Schlitt. Sender Policy Framework (SPF) for Authorizing Use of Domains in E-Mail. IETF RFC 4408, April 2006."}],"event":{"name":"CCS07: 14th ACM Conference on Computer and Communications Security 2007","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control","ACM Association for Computing Machinery"],"location":"Alexandria Virginia USA","acronym":"CCS07"},"container-title":["Proceedings of the 14th ACM conference on Computer and communications security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1315245.1315298","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1315245.1315298","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T14:58:21Z","timestamp":1750258701000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1315245.1315298"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2007,10,28]]},"references-count":45,"alternative-id":["10.1145\/1315245.1315298","10.1145\/1315245"],"URL":"https:\/\/doi.org\/10.1145\/1315245.1315298","relation":{},"subject":[],"published":{"date-parts":[[2007,10,28]]},"assertion":[{"value":"2007-10-28","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}