{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:26:49Z","timestamp":1750307209926,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":40,"publisher":"ACM","license":[{"start":{"date-parts":[[2012,4,16]],"date-time":"2012-04-16T00:00:00Z","timestamp":1334534400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2012,4,16]]},"DOI":"10.1145\/2187836.2187880","type":"proceedings-article","created":{"date-parts":[[2012,4,24]],"date-time":"2012-04-24T18:41:27Z","timestamp":1335292887000},"page":"321-330","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":10,"title":["SessionJuggler"],"prefix":"10.1145","author":[{"given":"Elie","family":"Bursztein","sequence":"first","affiliation":[{"name":"Stanford University, Stanford, CA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Chinmay","family":"Soman","sequence":"additional","affiliation":[{"name":"Stanford University, Stanford, CA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dan","family":"Boneh","sequence":"additional","affiliation":[{"name":"Stanford University, Stanford , CA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"John C.","family":"Mitchell","sequence":"additional","affiliation":[{"name":"Stanford University, Stanford, CA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2012,4,16]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"41st Parameters. Deviceinsight. http:\/\/www.the41.com\/land\/DeviceID.asp.  41st Parameters. Deviceinsight. http:\/\/www.the41.com\/land\/DeviceID.asp."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/1367497.1367568"},{"key":"e_1_3_2_1_3_1","volume-title":"Proc. of 3rd USENIX Workshop on Offensive Technologies (WOOT 2009)","author":"Adida B.","year":"2009","unstructured":"B. Adida , A. Barth , and C. Jackson . Rootkits for javascript environments . In Proc. of 3rd USENIX Workshop on Offensive Technologies (WOOT 2009) , 2009 . B. Adida, A. Barth, and C. Jackson. Rootkits for javascript environments. In Proc. of 3rd USENIX Workshop on Offensive Technologies (WOOT 2009), 2009."},{"key":"e_1_3_2_1_4_1","volume-title":"Usenix Security","author":"Aggarwal G.","year":"2010","unstructured":"G. Aggarwal , E. Bursztein , C. Jackson , and D. Boneh . An analysis of private browsing modes in modern browsers . In Usenix Security , 2010 . G. Aggarwal, E. Bursztein, C. Jackson, and D. Boneh. An analysis of private browsing modes in modern browsers. In Usenix Security, 2010."},{"key":"e_1_3_2_1_5_1","volume-title":"Open Ajax Alliance","author":"Alliance O.","year":"2008","unstructured":"O. Alliance . Ajax and mashup security. Technical report , Open Ajax Alliance , 2008 . O. Alliance. Ajax and mashup security. Technical report, Open Ajax Alliance, 2008."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/AICCSA.2009.5069395"},{"key":"e_1_3_2_1_7_1","first-page":"2","volume-title":"Proceedings of the 8th conference on USENIX Security Symposium-Volume 8","author":"Balfanz D.","unstructured":"D. Balfanz and E. Felten . Hand-held computers can be better smart cards . In Proceedings of the 8th conference on USENIX Security Symposium-Volume 8 , page 2 . USENIX Association, 1999. D. Balfanz and E. Felten. Hand-held computers can be better smart cards. In Proceedings of the 8th conference on USENIX Security Symposium-Volume 8, page 2. USENIX Association, 1999."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.5555\/1888881.1888904"},{"key":"e_1_3_2_1_9_1","unstructured":"E. Butler. Firesheep. http:\/\/en.wikipedia.org\/wiki\/Firesheep.  E. Butler. Firesheep. http:\/\/en.wikipedia.org\/wiki\/Firesheep."},{"key":"e_1_3_2_1_10_1","volume-title":"ToorCon 2010","author":"Butler E.","year":"2010","unstructured":"E. Butler and I. Gallagher . Hey web 2.0: Start protecting user privacy instead of pretending to . ToorCon 2010 , 2010 . sandiego.toorcon.org. E. Butler and I. Gallagher. Hey web 2.0: Start protecting user privacy instead of pretending to. ToorCon 2010, 2010. sandiego.toorcon.org."},{"key":"e_1_3_2_1_11_1","volume-title":"community. Request for comments: 5849 the oauth 1.0 protocol.http:\/\/tools.ietf.org\/html\/rfc5849","author":"O.","year":"2010","unstructured":"O. community. Request for comments: 5849 the oauth 1.0 protocol.http:\/\/tools.ietf.org\/html\/rfc5849 , 2010 . O. community. Request for comments: 5849 the oauth 1.0 protocol.http:\/\/tools.ietf.org\/html\/rfc5849, 2010."},{"volume-title":"An Investigation of Negative Authentication Systems. InProceedings of 3rd International Conference on Information Warfare and Security.","author":"Dasgupta D.","key":"e_1_3_2_1_12_1","unstructured":"D. Dasgupta and R. Azeem . An Investigation of Negative Authentication Systems. InProceedings of 3rd International Conference on Information Warfare and Security. D. Dasgupta and R. Azeem. An Investigation of Negative Authentication Systems. InProceedings of 3rd International Conference on Information Warfare and Security."},{"key":"e_1_3_2_1_13_1","volume-title":"Siemens Enterprise Communications UK-Security Solutions","author":"de Borde D.","year":"2008","unstructured":"D. de Borde and S. Consulting . Two-factor authentication . Siemens Enterprise Communications UK-Security Solutions , 2008 . D. de Borde and S. Consulting. Two-factor authentication. Siemens Enterprise Communications UK-Security Solutions, 2008."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.5555\/1881151.1881152"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.5555\/1361397.1361415"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242661"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1378600.1378623"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.5555\/1151828.1151854"},{"key":"e_1_3_2_1_19_1","unstructured":"Google. Google hall of fame. http:\/\/www.google.com\/about\/corporate\/company\/halloffame.html.  Google. Google hall of fame. http:\/\/www.google.com\/about\/corporate\/company\/halloffame.html."},{"key":"e_1_3_2_1_20_1","unstructured":"A. M. Hagalisletto. Analyzing two-factor authentication devices.  A. M. Hagalisletto. Analyzing two-factor authentication devices."},{"key":"e_1_3_2_1_21_1","volume-title":"Proc. of the 2nd USENIX Workshop on Hot Topics in Security","author":"Jackson C.","year":"2007","unstructured":"C. Jackson , D. Boneh , and J. Mitchell . Transaction generators: Root kits for the web . In Proc. of the 2nd USENIX Workshop on Hot Topics in Security , 2007 . C. Jackson, D. Boneh, and J. Mitchell. Transaction generators: Root kits for the web. In Proc. of the 2nd USENIX Workshop on Hot Topics in Security, 2007."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1007\/11863908_27"},{"key":"e_1_3_2_1_23_1","volume-title":"Scareware haunts airport internet terminals","author":"Johnston N.","year":"2010","unstructured":"N. Johnston . Scareware haunts airport internet terminals , 2010 . symantec.com\/connect\/blogs\/scareware-haunts-airport-internet-terminals. N. Johnston. Scareware haunts airport internet terminals, 2010. symantec.com\/connect\/blogs\/scareware-haunts-airport-internet-terminals."},{"key":"e_1_3_2_1_24_1","first-page":"464","volume-title":"Security and Privacy in Communications Networks and the Workshops, 2007. Secure Comm 2007. Third International Conference on","author":"Kerschbaum F.","year":"2008","unstructured":"F. Kerschbaum . Simple cross-site attack prevention . In Security and Privacy in Communications Networks and the Workshops, 2007. Secure Comm 2007. Third International Conference on , pages 464 -- 472 . IEEE, 2008 . F. Kerschbaum. Simple cross-site attack prevention. In Security and Privacy in Communications Networks and the Workshops, 2007. Secure Comm 2007. Third International Conference on, pages 464--472. IEEE, 2008."},{"key":"e_1_3_2_1_25_1","first-page":"197","volume":"2001","author":"Mitchell V.","year":"2002","unstructured":"V. Khu-smith and C. Mitchell . Enhancing the security of cookies.Information Security and Cryptology--ICISC 2001 , pages 197 -- 230 , 2002 . V. Khu-smith and C. Mitchell. Enhancing the security of cookies.Information Security and Cryptology--ICISC 2001, pages 197--230, 2002.","journal-title":"Enhancing the security of cookies.Information Security and Cryptology--ICISC"},{"key":"e_1_3_2_1_26_1","unstructured":"R. Laboratories. One-time password specifications (otps). http:\/\/www.rsa.com\/rsalabs\/node.asp?id=2816.  R. Laboratories. One-time password specifications (otps). http:\/\/www.rsa.com\/rsalabs\/node.asp?id=2816."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.5555\/1785594.1785610"},{"volume-title":"Oct","year":"2011","key":"e_1_3_2_1_28_1","unstructured":"Microsoft. Security researcher acknowledgments for microsoft online services.http:\/\/technet.microsoft.com\/en-us\/security\/cc308589 , Oct 2011 . Microsoft. Security researcher acknowledgments for microsoft online services.http:\/\/technet.microsoft.com\/en-us\/security\/cc308589, Oct 2011."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSAC.2004.33"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/1029632.1029658"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.5555\/1688933.1688943"},{"key":"e_1_3_2_1_32_1","first-page":"1","volume-title":"Proceedings of the 4th USENIX conference on Offensive technologies","author":"Rydstedt G.","year":"2010","unstructured":"G. Rydstedt , B. Gourdin , E. Bursztein , and D. Boneh . Framing attacks on smart phones and dumb routers: tap-jacking and geo-localization attacks . In Proceedings of the 4th USENIX conference on Offensive technologies , pages 1 -- 8 . USENIX Association , 2010 . G. Rydstedt, B. Gourdin, E. Bursztein, and D. Boneh. Framing attacks on smart phones and dumb routers: tap-jacking and geo-localization attacks. In Proceedings of the 4th USENIX conference on Offensive technologies, pages 1--8. USENIX Association, 2010."},{"key":"e_1_3_2_1_33_1","volume-title":"http:\/\/erratasec.blogspot.com\/2008\/01\/more-sidejacking.html","author":"Security E.","year":"2008","unstructured":"E. Security . Sidejacking. http:\/\/erratasec.blogspot.com\/2008\/01\/more-sidejacking.html , 2008 . E. Security. Sidejacking. http:\/\/erratasec.blogspot.com\/2008\/01\/more-sidejacking.html, 2008."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/1378600.1378612"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1007\/11748625_15"},{"key":"e_1_3_2_1_36_1","unstructured":"Shishir. Top 30 interesting facebook figures. http:\/\/www.shishirk.com\/2011\/02\/interesting-facebook-figures\/ Feb 2011.  Shishir. Top 30 interesting facebook figures. http:\/\/www.shishirk.com\/2011\/02\/interesting-facebook-figures\/ Feb 2011."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2009.42"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-02617-1_7"},{"key":"e_1_3_2_1_39_1","volume-title":"W3C","author":"van Kesteren A.","year":"2010","unstructured":"A. van Kesteren . Cross-origin resource sharing. Technical report , W3C , July 2010 . A. van Kesteren. Cross-origin resource sharing. Technical report, W3C, July 2010."},{"key":"e_1_3_2_1_40_1","unstructured":"Wikipedia. Blackboard system.http:\/\/en.wikipedia.org\/wiki\/Blackboard_system.  Wikipedia. Blackboard system.http:\/\/en.wikipedia.org\/wiki\/Blackboard_system."}],"event":{"name":"WWW 2012: 21st World Wide Web Conference 2012","sponsor":["Univ. de Lyon Universite de Lyon","SIGWEB ACM Special Interest Group on Hypertext, Hypermedia, and Web"],"location":"Lyon France","acronym":"WWW 2012"},"container-title":["Proceedings of the 21st international conference on World Wide Web"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2187836.2187880","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2187836.2187880","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T10:06:34Z","timestamp":1750241194000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2187836.2187880"}},"subtitle":["secure web login from an untrusted terminal using session hijacking"],"short-title":[],"issued":{"date-parts":[[2012,4,16]]},"references-count":40,"alternative-id":["10.1145\/2187836.2187880","10.1145\/2187836"],"URL":"https:\/\/doi.org\/10.1145\/2187836.2187880","relation":{},"subject":[],"published":{"date-parts":[[2012,4,16]]},"assertion":[{"value":"2012-04-16","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}