TY - GEN
T1 - HTTPS
T2 - 7th International Conference on Information Communication and Management, ICICM 2017
AU - Benítez-Mejía, Diana Gabriela Noemí
AU - Zacatenco-Santos, Alejandro
AU - Toscano-Medina, Linda Karina
AU - Sánchez-Pérez, Gabriel
N1 - Publisher Copyright:
© 2017 Association for Computing Machinery.
PY - 2017/8/28
Y1 - 2017/8/28
N2 - In this paper, we discuss the possibility of finding phishing attacks even in cases where the victim sees in their web browser, the same URL as the legitimate website with the padlock and the HTTPS certificate. This attack is not easy to detect due to the fact that it complies with security measures as a legitimate HTTPS connection. We perform the attack with a web server and a fake certificate authority. The web server hosts the phishing website, whereas the fake certificate authority, issues the certificates for the website. The success of this attack occurs when the victim or the attacker exports the certificates into the web browser. With this paper we prove that some web browsers are vulnerable to this attack, despite their having their own certificate authorities list.
AB - In this paper, we discuss the possibility of finding phishing attacks even in cases where the victim sees in their web browser, the same URL as the legitimate website with the padlock and the HTTPS certificate. This attack is not easy to detect due to the fact that it complies with security measures as a legitimate HTTPS connection. We perform the attack with a web server and a fake certificate authority. The web server hosts the phishing website, whereas the fake certificate authority, issues the certificates for the website. The success of this attack occurs when the victim or the attacker exports the certificates into the web browser. With this paper we prove that some web browsers are vulnerable to this attack, despite their having their own certificate authorities list.
KW - Certificate authority
KW - Certificates
KW - HTTPS
KW - Phishing
KW - SSL
KW - Web browser
UR - http://www.scopus.com/inward/record.url?scp=85033665131&partnerID=8YFLogxK
U2 - 10.1145/3134383.3134389
DO - 10.1145/3134383.3134389
M3 - Contribución a la conferencia
AN - SCOPUS:85033665131
T3 - ACM International Conference Proceeding Series
SP - 24
EP - 27
BT - ICICM 2017 - Proceedings of the 7th International Conference on Information Communication and Management
PB - Association for Computing Machinery
Y2 - 28 August 2017 through 30 August 2017
ER -