WWW Electronic Commerce and Java Trojan Horses
J.D. Tygar and Alma Whitten
Carnegie Mellon University
Abstract
World Wide Web electronic commerce applications often require consumers
to enter private information (such as credit card numbers) into forms in
the browser window. If third parties can insert Trojan horse applications
onto a consumer's machine, they can monitor keyboard strokes and steal
private information.
This paper outlines a simple way to accomplish this using Java or
similar remote execution facilities. We implemented a simple version
of this attack. We give a general method, window personalization,
that can thwart or prevent this attack.
View the full text of this paper in HTML and PostScript (8,041,072 bytes).