"Angriffsziel UI" - List of Links and References
Dipl.-Inform. Carsten Eilers
Chapter 1: Attacks via Logic Flaws
Chapter 2: Secure Login with Two Factors
Chapter 3: UI Redressing aka Clickjacking
[1] Carsten Eilers: "Clickjacking - Angriffe auf Seiten ohne Schwachstellen"
[2] Carsten Eilers: "Der Angriff der Clickjacking-Würmer, "Likejacking" und "Buttonjacking""
[3] RFC 7034 - HTTP Header Field X-Frame-Options
[4] Bugzilla@Mozilla Bug 725490: X-Frame-Options: SAMEORIGIN largely useless as implemented
[5] W3C: Content Security Policy 1.0
[6] W3C: Content Security Policy 1.1
[7] W3C: User Interface Security Directives for Content Security Policy
[8] Mozilla Security Blog: "Content Security Policy 1.0 Lands In Firefox"
[9] Robert Hansen, Jeremiah Grossman: "Clickjacking"
[10] Guy Aharonovsky: "Malicious camera spying using ClickJacking"
[11] Feross Aboukhadijeh: "HOW TO: Spy on the Webcams of Your Website Visitors"
[12] Ahamed Nafeez: "Adobe Flash Webcam clickjacking - The security fix that wasn't."
[13] Jitendra Jaiswal, Hacking Concepts: "Click-jacking or UI Redressing"
[14] Paul Stone, Black Hat Europe 2010: "Next Generation Clickjacking"
[15] Paul Stone, Context Security: "Clickjacking - Black Hat 2010"
[16] Paul Stone, Context Security: Clickjacking Tool
[17] Rosario Valotta, Hack in the Box Amsterdam 2011: "CookieJacking"
(Accompanying paper as PDF)
[18] Rosario Valotta: Cookiejacking FAQ
[19] Jim Finkle, Reuters: "Microsoft latest security risk: "Cookiejacking""
[20] Eric Y. Chen, Sergey Gorbaty, Astha Singhal, Collin Jackson; IEEE Symposium on Security and Privacy 2012: "Self-Exfiltration: The Dangers of Browser-Enforced Information Flow Control"
(PDF on archive.org)
[21] Luca De Fulgentis, Nibble Security: "UI Redressing Mayhem: Identification Attacks and UI Redressing on Google Chrome"
[22] Devdatta Akhawe, Black Hat USA 2013: "Clickjacking revisited: A perceptual View of UI Security"
[23] Devdatta Akhawe, Warren He, Zhiwei Li, Reza Moazzezi, Dawn Song; 8th USENIX Workshop on Offensive Technologies WOOT 2014: "Clickjacking Revisited: A Perceptual View of UI Security"
[24] YouTube-Video: Black Hat USA 2013 - Clickjacking Revisited: A Perceptual View of UI Security
[25] Carsten Eilers: "Zeus - Trojaner, Botnet, Schädlingsbaukasten, ..."
[26] Jennifer Gumban, Trend Micro Security Intelligence Blog: "Sunsets and Cats Can Be Hazardous to Your Online Bank Account"