Welcome to P2PNET.net - The original daily p2p and digital news site. Always First!

Web tripwires block ‘in-flight’ ad attacks

p2pnet news | Advertising:- A Slashdot post has led to the development of special web page tripwires designed to stop sneak ad attacks.

“Our research group was surprised to hear that some ISPs have started ‘injecting advertisements into web pages requested by their end users,’ according to a recent Slashdot article,” say four University of Washington researchers.

“They use a transparent web proxy (such as this one) to insert javascript and/or HTML with the ads into pages returned to users,” posted TheWoozle last year.

“Neither the content providers nor the end-users have been notified that this is taking place, and I’m sure that they weren’t asked for permission either.”

The UoW researchers go on >>>

As a result, we set out to measure how often web pages are changed after leaving the server and before arriving in the user’s browser.

With our measurement tool, we found that approximately 1% of 50,000 visitors received pages that had been changed “in-flight.” Most of these changes were caused by software that users installed on their computer (such as personal firewalls or ad blockers), but many were caused by agents in the network, such as ISPs and enterprise firewalls.

Worse, we found that many of the products that users installed introduced bugs or security vulnerabilities into the web pages they requested.

To address this problem, publishers could choose to serve their pages over HTTPS rather than HTTP, using encryption to preserve page integrity. However, this is an expensive solution in many respects, so we offer an alternative integrity check.

In their paper, “Detecting In-Flight Page Changes with Web Tripwires,” Charles Reis, Steven D. Gribble and Tadayoshi Kohno, from the University of Washington, and Nicholas C. Weaver, from the International Computer Science Institute, say changes include pop-up blocking scripts planted by client software, ads injected by ISPs, and “even malicious code likely inserted by malware using ARP poisoning”.

They also found alterations by client software could cause harm, such as introducing cross-site scripting vulnerabilities into most pages a client visits.

“To help publishers understand and react appropriately to such changes, we introduce web tripwires – client-side JavaScript code that can detect most in-flight modifications to a web page,” they say, discussing several designs, “intended to provide basic integrity checks for web servers”.

They’re more flexible and less expensive than switching to HTTPS, and don’t call for changes to current browsers, say the four, concluding >>>

Using measurements of a large client population, we have shown that a nontrivial number of modifications occur to web pages on their journey from servers to browsers.

These changes often have negative consequences for publishers and users: agents may inject or remove ads, spread exploits, or introduce bugs into working pages.

Worse, page rewriting software may introduce vulnerabilities into otherwise safe web sites, showing that such software must be carefully scrutinized to ensure the benefits outweigh the risks.

Overall, page modifications can present a significant threat to publishers and users when pages are transferred over HTTP.

Web tripwires don’t protect against all threats to page integrity, but “they can be effective for discovering even adversarial page changes,” say the four researchers, adding:

“Our publisher-hosted and service-hosted implementations are easy to add to web pages.”

They’re available here.
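
An added example, not the researchers' implementation or code from this article: the comparison at the heart of a web tripwire, in which a script shipped with the page checks the HTML the browser received against the publisher's known-good copy and reports what changed. The function names, the sample pages and the `ads.example` host are constructed for illustration, and how the script obtains the received source is assumed and left out.

```javascript
// Added example; names and sample pages are constructed, not from the paper.

// Locate the changed region by trimming the common prefix and common suffix.
function changedRegion(expected, received) {
  if (expected === received) return null;
  const max = Math.min(expected.length, received.length);
  let start = 0;
  while (start < max && expected[start] === received[start]) start++;
  let endE = expected.length;
  let endR = received.length;
  while (endE > start && endR > start && expected[endE - 1] === received[endR - 1]) {
    endE--;
    endR--;
  }
  return {
    offset: start, // index of the first differing character
    removed: expected.slice(start, endE),
    added: received.slice(start, endR),
  };
}

// Count <script> opening tags. The diff boundary can split a tag in two, so
// the count is taken over the whole page rather than over the changed region.
function countScripts(html) {
  return (html.match(/<script\b/gi) || []).length;
}

// Compare the known-good copy with what arrived and summarise the change
// in a form the publisher could log or send back to the server.
function checkTripwire(expected, received) {
  const region = changedRegion(expected, received);
  if (region === null) return { modified: false };
  return {
    modified: true,
    offset: region.offset,
    removedChars: region.removed.length,
    addedChars: region.added.length,
    scriptsAdded: countScripts(received) - countScripts(expected),
  };
}

// Constructed sample: the page as published, and the same page after an
// in-flight agent appended a script tag before </body>.
const EXPECTED_HTML = '<html><body><p>Hello</p></body></html>';
const INJECTED_HTML =
  '<html><body><p>Hello</p><script src="http://ads.example/a.js"></script></body></html>';

console.log(checkTripwire(EXPECTED_HTML, INJECTED_HTML));
```

A tripwire delivered over HTTP can itself be removed or altered in flight, so the absence of a report does not prove the page arrived intact.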


2 Responses to “Web tripwires block ‘in-flight’ ad attacks”

  1. EE Says:

    While it is a good idea to check for transparent proxies injecting ads, I am willing to bet that this will be used against users wishing to block loud, annoying, flashing or otherwise offensive ads on their browsers. All a website has to do is run an “integrity check” to see if a user is blocking their ads and then restrict the content provided to them.

    I applaud their creativity but fear this will have a detrimental effect on my net experience.

  2. bah Says:

    AdMuncher FTW.

    But, seriously, do these people never stop? Advertising should just be outlawed. Let word of mouth sell your product, depend on reputation of users/buyers determine how well your product sells, then we will get goods that sell well because they are good not because they are hyped.

    Never happen, of course.
