CERIAS - Center for Education and Research in Information Assurance and Security

Skip Navigation
Purdue University - Discovery Park
Center for Education and Research in Information Assurance and Security

Exploitable Redirects on the Web: Identification, Prevalence, and Defense

Minaxi Gupta - Indiana University

Aug 27, 2008

Size: 653.2MB

Download: Video Icon MP4 Video  
Watch in your Browser   Watch on Youtube Watch on YouTube


Web sites on the Internet often use redirection. Unfortunately, without additional security, many of the redirection links can be manipulated and abused to mask phishing attacks. In this work, we prescribe a set of heuristics to identify redirects that can be exploited. Using these heuristics, we examine the prevalence of exploitable redirects present in today's Web. Finally, we propose techniques for Web servers to secure their redirects and for clients to protect themselves from being misled by manipulated redirects.

This work was presented at the USENIX Workshop On Offensive Technologies (WOOT) in July, 2008. Subsequently, several online press venues have covered it, including The Washington Post, SC Magazine, and Herald Times.

About the Speaker

Minaxi Gupta is an Assistant Professor in the Computer Science
Department at Indiana University (Bloomington). She joined IU after
finishing her Ph.D. in Computer Science from Georgia Tech in 2004.
Gupta's research interests are in Computer Networks and Security. She
is currently working on understanding Internet's vulnerabilities and
how attackers are using them to their advantage, especially in the
context of phishing. Her other research focus is on re-architecting
the Internet. Gupta is the recipient of the prestigious Trustees
Teaching Award (2007-2008) and Outstanding Junior Faculty Award
(2006-2007) from Indiana University.

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M. STEW G52 (Suite 050B), West Lafayette Campus. More information...


The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.