[86] D.E. Bell and L.J. La Padula, Secure Computer System: Unified Exposition and Multics Interpretation (ESD-TR-75-306), Bedford, MA: MITRE Corporation for US Air Force (1976), http://csrc.nist.gov/publications/history/bell76.pdf.
[87] C.E. Landwehr, C.L. Heitmeyer, and J.D. McLean, “A Security Model for Military Message Systems: Retrospective,” paper presented at the 17th Annual Computer Security Applications Conference, New Orleans, LA (2001), http://www.acsa-admin.org/2001/papers/141.pdf.
[88] V. Bush, “As We May Think,” Atlantic Monthly (July 1945), http://www.theatlantic.com/doc/194507/bush/.
[89] R. Dhamija, J.D. Tygar, and M. Hearst, “Why Phishing Works,” paper presented at the Conference on Human Factors in Computing Systems, Montreal, Canada (2006), http://people.seas.harvard.edu/~rachna/papers/why_phishing_works.pdf.
[90] C. Jackson, D.R. Simon, D.S. Tan, and A. Barth, “An Evaluation of Extended Validation and Picture-in-Picture Phishing Attacks,” paper presented at Usable Security, Lowlands, Trinidad and Tobago (2007), http://usablesecurity.org/papers/jackson.pdf.
[91] C. Jackson and A. Barth, “Beware of Finer-Grained Origins,” paper presented at Web 2.0 Security and Privacy, Oakland, CA (2008), http://seclab.stanford.edu/websec/origins/fgo.pdf; C. Jackson and A. Barth, “Beware of Coarser-Grained Origins,” paper presented at Web 2.0 Security and Privacy, Oakland, CA (2008), http://seclab.stanford.edu/websec/origins/scheme/.
[92] “Security Exploit Uses Internet Explorer to Attack Mozilla Firefox,” MozillaZine (July 11, 2007), http://www.mozillazine.org/talkback.html?article=22198.
[93] Net Applications website, http://marketshare.hitslink.com/browser-market-share.aspx?qprid=0, http://marketshare.hitslink.com/browser-market-share.aspx?qprid=2 (accessed June 13, 2011).
[94] T. Berners-Lee, R. Fielding, and L. Masinter, “Uniform Resource Identifier (URI): Generic Syntax,” IETF Request for Comments 3986 (2005), http://www.ietf.org/rfc/rfc3986.txt.
[95] T. Berners-Lee, L. Masinter, and M. McCahill, “Uniform Resource Locators (URL),” IETF Request for Comments 1738 (1994), http://www.ietf.org/rfc/rfc1738.txt.
[96] R. Fielding, J. Gettys, J. Mogul, H. Frystyk, L. Masinter, P. Leach, and T. Berners-Lee, “Hypertext Transfer Protocol—HTTP/1.1,” IETF Request for Comments 2616 (1999), http://www.ietf.org/rfc/rfc2616.txt.
[97] “Uniform Resource Identifier (URI) Schemes per RFC4395,” Internet Assigned Numbers Authority (June 6, 2011), http://www.iana.org/assignments/uri-schemes.html.
[98] P. Mockapetris, “Domain Names—Implementation and Specification,” IETF Request for Comments 1035 (1987), http://www.ietf.org/rfc/rfc1035.txt.
[99] T. Berners-Lee, “Universal Resource Identifiers in WWW,” IETF Request for Comments 1630 (1994), http://www.w3.org/Addressing/rfc1630.txt.
[100] P. Hoffman, L. Masinter, and J. Zawinski, “The mailto URL Scheme,” IETF Request for Comments 2368 (1998), http://www.ietf.org/rfc/rfc2368.txt.
[101] “HTML 4.01 Specification: Forms,” World Wide Web Consortium (1999), http://www.w3.org/TR/html401/interact/forms.html#h-17.13.4.1.
[102] P. Faltstrom, P. Hoffman, and A. Costello, “Internationalizing Domain Names in Applications (IDNA),” IETF Request for Comments 3490 (2003), http://www.ietf.org/rfc/rfc3490.txt.
[103] A. Costello, “Punycode: A Bootstring Encoding of Unicode for Internationalized Domain Names in Applications (IDNA),” IETF Request for Comments 3492 (2003), http://www.ietf.org/rfc/rfc3492.txt.
[104] E. Gabrilovich and A. Gontmakher, “The Homograph Attack,” Communications of the ACM (2002), http://www.cs.technion.ac.il/~gabr/papers/homograph_full.pdf.
[105] E. Rescorla, “HTTP Over TLS,” IETF Request for Comments 2818 (2000), http://www.ietf.org/rfc/rfc2818.txt.
[106] J. Postel and J. Reynolds, “File Transfer Protocol (FTP),” IETF Request for Comments 959 (1985), http://www.ietf.org/rfc/rfc959.txt.
[107] F. Anklesaria, M. McCahill, P. Lindner, D. Johnson, D. Torrey, and B. Alberti, “The Internet Gopher Protocol,” IETF Request for Comments 1436 (1993), http://www.ietf.org/rfc/rfc1436.txt.
[108] E. Rescorla and A. Schiffman, “The Secure HyperText Transfer Protocol,” IETF Request for Comments 2660 (1999), http://www.ietf.org/rfc/rfc2660.txt.
[109] L. Masinter, “The ‘data’ URL Scheme,” IETF Request for Comments 2397 (1998), http://www.ietf.org/rfc/rfc2397.txt.
[110] “What Are rss: and feed: Links?” http://www.brindys.com/winrss/feedformat.html.
[111] M. Zalewski, “A Note on an MHTML Vulnerability,” Lcamtuf’s blog (March 11, 2011), http://lcamtuf.blogspot.com/2011/03/note-on-mhtml-vulnerability.html.
[112] T. Berners-Lee, “The Original HTTP as Defined in 1991,” World Wide Web Consortium archives (1991), http://www.w3.org/Protocols/HTTP/AsImplemented.html.
[113] T. Berners-Lee, R. Fielding, and H. Frystyk, “Hypertext Transfer Protocol—HTTP/1.0,” IETF Request for Comments 1945 (1996), http://www.ietf.org/rfc/rfc1945.txt.
[114] R. Fielding, J. Gettys, J. Mogul, H. Frystyk, L. Masinter, P. Leach, and T. Berners-Lee, “Hypertext Transfer Protocol—HTTP/1.1,” IETF Request for Comments 2616 (1999), http://www.ietf.org/rfc/rfc2616.txt.
[115] HTTPbis Working Group, “Httpbis Status Pages,” http://tools.ietf.org/wg/httpbis/.
[116] A. Luotonen, “Tunneling TCP-Based Protocols Through Web Proxy Servers,” IETF Internet-Draft (1998), http://tools.ietf.org/id/draft-luotonen-web-proxy-tunneling-01.txt.
[117] S. Chen, Z. Mao, Y.M. Wang, and M. Zhang, “Pretty-Bad-Proxy: An Overlooked Adversary in Browsers’ HTTPS Deployments,” Microsoft Research (2009), http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf.
[118] “Mozilla Cross-Reference mozilla1.8.0,” Mozilla code repository, http://mxr.mozilla.org/mozilla1.8.0/source/nsprpub/pr/src/misc/prtime.c#1045.
[119] K. Moore, “MIME (Multipurpose Internet Mail Extensions) Part Three: Message Header Extensions for Non-ASCII Text,” IETF Request For Comments 2047 (1996), http://www.ietf.org/rfc/rfc2047.txt.
[120] N. Freed and K. Moore, “MIME Parameter Value and Encoded Word Extensions: Character Sets, Languages, and Continuations,” IETF Request for Comments 2231 (1997), http://www.ietf.org/rfc/rfc2231.txt.
[121] Mozilla bug #418394, https://bugzilla.mozilla.org/show_bug.cgi?id=418394.
[122] T. Berners-Lee, “Basic HTTP as defined in 1992: Methods,” World Wide Web Consortium archives (1992), http://www.w3.org/Protocols/HTTP/Methods.html.
[123] L. Dusseault, “HTTP Extensions for Web Distributed Authoring and Versioning (WebDAV),” IETF Request for Comments 4918 (2007), http://www.ietf.org/rfc/rfc4918.txt.
[124] See note 12 above.
[125] M. Pool, “Meantime: Non-Consensual HTTP User Tracking Using Caches” (2000), http://sourcefrog.net/projects/meantime/.
[126] L. Montulli, “Persistent Client State HTTP Cookies” (1994), http://curl.haxx.se/rfc/cookie_spec.html.
[127] D. Kristol and L. Montulli, “HTTP State Management Mechanism,” IETF Request for Comments 2109 (1997), http://www.ietf.org/rfc/rfc2109.txt.
[128] D. Kristol and L. Montulli, “HTTP State Management Mechanism,” IETF Request for Comments 2965 (2000), http://tools.ietf.org/rfc/rfc2965.txt.
[129] A. Barth, “HTTP State Management Mechanism,” IETF Request for Comments 6265 (2011), http://www.ietf.org/rfc/rfc6265.txt.
[130] J. Franks, P. Hallam-Baker, J. Hostetler, S. Lawrence, P. Leach, A. Luotonen, and L. Stewart, “HTTP Authentication: Basic and Digest Access Authentication,” IETF Request for Comments 2617 (1999), http://www.ietf.org/rfc/rfc2617.txt.
[131] R. Tschalär, “NTLM Authentication Scheme for HTTP” (2003), http://www.innovation.ch/personal/ronald/ntlm.html.
[132] E. Rescorla, “HTTP Over TLS,” IETF Request for Comments 2818 (2000), http://www.ietf.org/rfc/rfc2818.txt.
[133] P. Hallam-Baker, “The Recent RA Compromise,” Comodo IT Security (blog) (March 23, 2011), http://blogs.comodo.com/it-security/data-security/the-recent-ra-compromise/.
[134] S. Chen, R. Wang, X. F. Wang, and K. Zhang, “Side-Channel Leaks in Web Applications: A Reality Today, a Challenge Tomorrow,” Microsoft Research (2010), http://research.microsoft.com/pubs/119060/WebAppSideChannel-final.pdf.
[135] C. Evans, “Open Redirectors: Some Sanity,” Security: Hacking Everything (blog) (June 25, 2010), http://scarybeastsecurity.blogspot.com/2010_06_01_archive.html.
[136] T. Berners-Lee, “HTML Tags,” World Wide Web Consortium archives (1991), http://www.w3.org/History/19921103-hypertext/hypertext/WWW/MarkUp/Tags.html.
[137] T. Berners-Lee and D. Connolly, “Hypertext Markup Language—2.0,” IETF Request for Comments 1866 (1995), http://www.ietf.org/rfc/rfc1866.txt.
[138] D. Raggett, “HTML 3.2 Reference Specification,” World Wide Web Consortium (1997), http://www.w3.org/TR/REC-html32.
[139] D. Raggett, A. Le Hors, and I. Jacobs, “HTML 4.01 Specification,” World Wide Web Consortium (1999), http://www.w3.org/TR/html401/.
[140] I. Hickson, “HTML5,” World Wide Web Consortium draft, revision 1.5019 (2011), http://dev.w3.org/html5/spec/Overview.html.
[141] G. Coldwind, “Too general charset = detection in meta,” Mozilla bug #640529 (2011), https://bugzilla.mozilla.org/show_bug.cgi?id=640529.
[142] H. Wium Lie and B. Bos, “Cascading Style Sheets, Level 1,” World Wide Web Consortium (1996), http://www.w3.org/TR/CSS1/.
[143] T. Çelik, E.J. Etemad, D. Glazman, I. Hickson, P. Linss, and J. Williams, “Selectors Level 3: Selectors,” World Wide Web Consortium (2009), http://www.w3.org/TR/css3-selectors/#selectors.
[144] I. Hickson, “XML Binding Language (XBL) 2.0,” World Wide Web Consortium (2007), http://www.w3.org/TR/xbl/.
[145] G. Heyes, D. Lindsay, and E.V. Nava, “The Sexy Assassin: Tactical Exploitation Using CSS” (2009), http://www.scribd.com/doc/54664700/Tactical-Xploit-Css.
[146] Netscape Communications Corporation, “Netscape and Sun Announce JavaScript, the Open, Cross-Platform Object Scripting Language for Enterprise Networks and the Internet” (press release) (December 4, 1995), http://web.archive.org/web/20070916144913/http://wp.netscape.com/newsref/pr/newsrelease67.html.
[147] ECMA International, “ECMA-262: ECMAScript Language Specification,” 3rd ed. (1999), http://www.ecma-international.org/publications/files/ECMA-ST-ARCH/ECMA-262,%203rd%20edition,%20December%201999.pdf.
[148] ECMA International, “ECMA-262: ECMAScript Language Specification,” 5th ed. (2009), http://www.ecma-international.org/publications/files/ECMA-ST/ECMA-262.pdf.
[149] D. Crockford, “The Application/JSON Media Type for JavaScript Object Notation (JSON),” IETF Request for Comments 4627 (2006), http://www.ietf.org/rfc/rfc4627.txt.
[150] J. Schneider, R. Yu, and J. Dyer, eds., “Standard ECMA-357: ECMAScript for XML (E4X) Specification,” 2nd ed., ECMA International (2005), http://www.ecma-international.org/publications/standards/Ecma-357.htm.
[151] P. Le Hégaret, R. Whitmer, and L. Wood, “Document Object Model (DOM),” World Wide Web Consortium (2005), http://www.w3.org/DOM/.
[152] E. Vela Nava, “innerHTML decompilation issues in text-area,” WebKit bug #38922 (2010), https://bugs.webkit.org/show_bug.cgi?id=38922.
[153] “Windows Scripting 5.8: MsgBox Function,” Microsoft Developer Network Platforms (2009), http://msdn.microsoft.com/en-us/library/sfw6660x%28v=vs.85%29.aspx.
[154] D. Crockford, “JSON in JavaScript,” GitHub Social Coding (blog) (March 5, 2011), https://github.com/douglascrockford/JSON-js/blob/master/json2.js.
[155] J. Ferraiolo, J. Fujisawa, and D. Jackson, eds., “Scalable Vector Graphics (SVG) 1.1 Specification,” World Wide Web Consortium (2003), http://www.w3.org/TR/2003/REC-SVG11-20030114/.
[156] D. Carlisle, P. Ion, and R. Miner, eds., “Mathematical Markup Language (MathML) Version 3.0,” W3C Recommendation, World Wide Web Consortium (October 21, 2010), http://www.w3.org/TR/MathML3/.
[157] A. Mechelynck, “XUL,” Mozilla Developer Network (2011), https://developer.mozilla.org/en/xul.
[158] Wireless Application Protocol Forum, “Wireless Application Protocol: Wireless Markup Language Specification” (April 30, 1998), http://www.wapforum.org/what/technical/wml-30-apr-98.pdf.
[159] RSS Advisory Board, “RSS 2.0 Specification version 2.0.11” (2009), http://www.rssboard.org/rss-specification.
[160] M. Nottingham and R. Sayre, eds., “The Atom Syndication Format,” IETF Request for Comments 4287 (2005), http://www.ietf.org/rfc/rfc4287.txt.
[161] E. Mills, “Security Labs Report: January-June 2010 Recap,” M86 Security (2010), http://www.m86security.com/documents/pdfs/security_labs/m86_security_labs_report_1H2010.pdf.
[162] B. Rios, “Sun Fixes GIFARs” (December 17, 2008), http://xs-sniper.com/blog/2008/12/17/sun-fixes-gifars/.
[163] A.K. Sood, “PDF Silent HTTP Form Repurposing Attacks,” SecNiche Security Labs (2009), http://secniche.org/papers/SNS_09_03_PDF_Silent_Form_Re_Purp_Attack.pdf.
[164] P.D. Petkov, “Universal PDF XSS Afterparty” (January 4, 2007), http://www.gnucitizen.org/blog/universal-pdf-xss-after-party/.
[165] S. Jobs, “Thoughts on Flash” (2010), http://www.apple.com/hotnews/thoughts-on-flash/.
[166] “Adobe Shockwave Player,” Adobe Systems Incorporated, http://www.adobe.com/products/shockwaveplayer/.
[167] “ActionScript 3.0 Reference for the Adobe Flash Platform,” Adobe Systems Incorporated, http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/index.html.
[168] “Content Played Back in Flash Player Reaches 99% of Internet Viewers,” Adobe Systems Incorporated (March 2011), http://www.adobe.com/products/player_census/flashplayer/.
[169] “Web Browser Plugin Market Share,” StatOwl (May 2011), http://www.statowl.com/plugin_overview.php.
[170] “ActionScript 3.0 Reference for the Adobe Flash Platform: ExternalInterface,” Adobe Systems Incorporated, http://livedocs.adobe.com/flex/3/langref/flash/external/ExternalInterface.html#includeExamplesSummary.
[171] “XAML Overview (WPF),” Microsoft Corporation, http://msdn.microsoft.com/en-us/library/ms752059.aspx.
[172] “Rich Internet Application Statistics” (July 2011), http://www.riastats.com/. See also StatOwl (Chapter 8, note 9).
[173] “Secunia Half Year Report 2010,” Secunia (2010), http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf.
[174] “WPF XAML Browser Applications Overview,” Microsoft Corporation, http://msdn.microsoft.com/en-us/library/aa970060.aspx.
[175] “Akamai Download Manager Help,” Microsoft Corporation, https://msdn.microsoft.com/en-us/subscriptions/manage/bb153537.aspx.
[176] A. Klein, “IE + Some Popular Forward Proxy Servers = XSS, Defacement (Browser Cache Poisoning)” (May 22, 2006), http://seclists.org/webappsec/2006/q2/352; M. Zalewski, “Web 2.0 Backdoors Made Easy with MSIE & XMLHttpRequest” (February 3, 2007), http://seclists.org/fulldisclosure/2007/Feb/81.
[177] A. van Kesteren, ed., “Cross-Origin Resource Sharing,” working draft, World Wide Web Consortium (July 27, 2010), http://www.w3.org/TR/cors/.
[178] I. Hickson, “Web Storage,” editor’s draft, World Wide Web Consortium (July 28, 2011), http://dev.w3.org/html5/webstorage/.
[179] J. Stenback, “Make sessionStorage Use Principals Instead of String Domains,” Mozilla bug #495337 (May 28, 2009), https://bugzilla.mozilla.org/show_bug.cgi?id=495337.
[180] T. Ormandy, “Common DNS Misconfiguration Can Lead to ‘Same Site’ Scripting” (January 18, 2008), http://seclists.org/bugtraq/2008/Jan/270.
[181] R. Singel, “ISPs’ Error Page Ads Let Hackers Hijack Entire Web, Researcher Discloses,” Wired (April 19, 2008), http://www.wired.com/threatlevel/2008/04/isps-error-page/.
[182] “APSB10-14 Security Update Available for Adobe Flash Player,” Adobe Systems Incorporated (June 10, 2010), http://www.adobe.com/support/security/bulletins/apsb10-14.html.
[183] “Understanding Flash Player 9 April 2008: Security Update Compatibility,” Adobe Systems Incorporated (April 8, 2008), http://www.adobe.com/devnet/flashplayer/articles/flash_player9_security_update.html.
[184] “ActionScript® 3.0 Reference for the Adobe® Flash® Platform: URLRequestHeader,” Adobe Systems Incorporated, http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/net/URLRequestHeader.html.
[185] “ActionScript® 3.0 Reference for the Adobe® Flash® Platform: Security,” Adobe Systems Incorporated, http://livedocs.adobe.com/flash/9.0/ActionScriptLangRefV3/flash/system/Security.html.
[186] “Adobe Cross Domain Policy File Specification,” version 2.0, Adobe Systems Incorporated (August 2, 2010), http://learn.adobe.com/wiki/download/attachments/64389123/CrossDomain_PolicyFile_Specification.pdf?version=1.
[187] M. Zalewski, “[RAZOR] Linux Kernel IP Masquerading Vulnerability” (July 30, 2001), http://seclists.org/bugtraq/2001/Jul/733.
[188] “Silverlight: WebHeaderCollection Class,” Microsoft, http://msdn.microsoft.com/en-us/library/system.net.webheadercollection%28v=VS.95%29.aspx.
[189] “Class HttpURLConnection,” Sun Microsystems/Oracle, http://download.oracle.com/javase/1.4.2/docs/api/java/net/HttpURLConnection.html.
[190] “Class URLConnection,” Sun Microsystems/Oracle, http://download.oracle.com/javase/1.4.2/docs/api/java/net/URLConnection.html.
[191] “Class Socket,” Sun Microsystems/Oracle, http://download.oracle.com/javase/1.4.2/docs/api/java/net/Socket.html.
[192] “Java-to-Javascript Communication,” Sun Microsystems/Oracle, http://download.oracle.com/javase/1.4.2/docs/guide/plugin/developer_guide/java_js.html.
[193] “Java-to-Javascript Communication: Common DOM API,” Sun Microsystems/Oracle, http://download.oracle.com/javase/1.4.2/docs/guide/plugin/developer_guide/java_js.html#common_dom.
[194] B. “Snowhare” Franz, “Triple Dot Cookies” (1998), http://snowhare.com/utilities/triple_dot/.
[195] “Adobe ActionScript 3.0: Security Sandboxes,” Adobe Systems Incorporated, http://help.adobe.com/en_US/ActionScript/3.0_ProgrammingAS3/WS5b3ccc516d4fbf351e63e3d118a9b90204-7e3f.html.
[196] L. Masinter, “The ‘data’ URL scheme,” IETF Request for Comments 2397 (1998), http://www.ietf.org/rfc/rfc2397.txt.
[197] M. Zalewski, “about:neterror, certerror permit URL spoofing by being same-origin with about:blank,” Mozilla bug #602780 (CVE-2010-3774) (2010), https://bugzilla.mozilla.org/show_bug.cgi?id=602780.
[198] G. Guninski, “Frame spoofing using loading two frames,” Mozilla bug #13871 (1999), https://bugzilla.mozilla.org/show_bug.cgi?id=13871.
[199] R. Zilberman, “Frame spoofing is possible within a short time frame while the window is loading,” Mozilla bug #381300 (CVE-2007-3089) (2008), https://bugzilla.mozilla.org/show_bug.cgi?id=381300.
[200] A. Barth, C. Jackson, and J.C. Mitchell, “Securing Frame Communication in Browsers,” Communications of the ACM 52, no. 6 (2009): 83-91, http://www.adambarth.com/papers/2009/barth-jackson-mitchell-cacm.pdf.
[201] R. Hansen and J. Grossman, “Clickjacking” (2008), http://www.sectheory.com/clickjacking.htm.
[202] M. Zalewski, “Dealing with UI redress vulnerabilities inherent to the current web” (post to whatwg.org list) (September 25, 2008), http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2008-September/thread.html#16292.
[203] E. Lawrence, “IE8 Security Part VII: ClickJacking Defenses,” IEBlog (January 27, 2009), http://blogs.msdn.com/b/ie/archive/2009/01/27/ie8-security-part-vii-clickjacking-defenses.aspx.
[204] SHODAN, “HTTP Header Survey” (March 14, 2011), http://www.shodanhq.com/research/infodisc/report.
[205] P. Stone, “Next Generation Clickjacking,” Blackhat Europe (2010), http://blog.c22.cc/2010/04/14/blackhat-europe-next-generation-clickjacking-3/.
[206] M. Zalewski, “The curse of inverse strokejacking,” lcamtuf’s blog (June 8, 2010), http://lcamtuf.blogspot.com/2010/06/curse-of-inverse-strokejacking.html.
[207] C. Evans, “Generic cross-browser cross-domain theft,” Security (blog) (December 28, 2009) http://scarybeastsecurity.blogspot.com/2009/12/generic-cross-browser-cross-domain.html.
[208] C. Evans, “IE8 CSS-based forced tweeting,” Security (blog) (September 29, 2010), http://scarybeastsecurity.blogspot.com/2010/09/ie8-css-based-forced-tweeting.html.
[209] I. Hickson, “HTML: 4.8.11 The canvas element,” WHATWG (2011), http://www.whatwg.org/specs/web-apps/current-work/multipage/the-canvas-element.html.
[210] E.W. Felten and M.A. Schneider, “Timing Attacks on Web Privacy,” Proceedings of the 7th ACM Conference on Computer and Communications Security (2000), http://sip.cs.princeton.edu/pub/webtiming.pdf.
[211] C. Evans, “Cross-domain search timing,” Security (blog) (December 11, 2009), http://scarybeastsecurity.blogspot.com/2009/12/cross-domain-search-timing.html.
[212] C. Wilson, P. Le Hégaret, and V. Apparao, “Document Object Model CSS: 2.2.1 Override and computed style sheet,” World Wide Web Consortium (2000), http://www.w3.org/TR/DOM-Level-2-Style/css.html#CSS-OverrideAndComputed.
[213] “currentStyle Object,” Microsoft Corporation MSDN Library, http://msdn.microsoft.com/en-us/library/ms535231%28v=vs.85%29.aspx.
[214] A. Clover, “CSS visited pages disclosure” (February 20, 2002), http://seclists.org/bugtraq/2002/Feb/271.
[215] Z. Weinberg, E.Y. Chen, P.R. Jayaraman, and C. Jackson, “I Still Know What You Visited Last Summer” (2011), http://websec.sv.cmu.edu/visited/visited.pdf.
[216] J. Schwartz, “Giving Web a Memory Cost Its Users Privacy,” New York Times (September 4, 2001), http://www.nytimes.com/2001/09/04/technology/04COOK.html.
[217] N. Wingfield, “Microsoft Quashed Effort to Boost Online Privacy,” Wall Street Journal (August 2, 2010), http://online.wsj.com/article/SB10001424052748703467304575383530439838568.html.
[218] E. Felten, “If You’re Going to Track Me, Please Use Cookies,” Freedom to Tinker (blog) (July 7, 2009), http://www.freedom-to-tinker.com/blog/felten/if-youre-going-track-me-please-use-cookies.
[219] J. Mayer, A. Narayanan, and S. Stamm, “Do Not Track: A Universal Third-Party Web Tracking Opt Out,” IETF Internet-Draft (2011), http://datatracker.ietf.org/doc/draft-mayer-do-not-track/?include_text=1.
[220] L. Cranor, M. Langheinrich, M. Marchiori, M. Presler-Marshall, and J. Reagle, “The Platform for Privacy Preferences 1.0 (P3P1.0) Specification,” World Wide Web Consortium (2002), http://www.w3.org/TR/P3P/.
[221] N. Freed and N. Borenstein, “Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types,” IETF Request for Comments 2046 (1996), http://www.ietf.org/rfc/rfc2046.txt.
[222] V. Gupta, “IE Content-Type Logic,” IEBlog (February 1, 2005), http://blogs.msdn.com/b/ie/archive/2005/02/01/364581.aspx.
[223] SHODAN, “HTTP Header Survey” (2011), http://www.shodanhq.com/research/infodisc/download_latest.
[224] R. Troost, S. Dorner, and K. Moore, “Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field,” IETF Request for Comments 2183 (1997), http://www.ietf.org/rfc/rfc2183.txt.
[225] G. Heyes, “Inline UTF-7 E4X Javascript Hijacking,” The Spanner (blog) (February 24, 2009), http://www.thespanner.co.uk/2009/02/24/inline-utf-7-e4x-javascript-hijacking/.
[226] M. Zalewski, “URL Spoofing Is Likely Possible Through Address Bar Eliding,” Mozilla bug #581313 (2010), https://bugzilla.mozilla.org/show_bug.cgi?id=581313.
[227] R. J. Kosinski, “A Literature Review on Reaction Time,” Clemson University (2010), http://biae.clemson.edu/bpc/bp/Lab/110/reaction.htm#Type%20of%20Stimulus.
[228] M. Zalewski, “File Action Dialog Controls Vulnerable to Refocus Race,” Mozilla bug #376473 (2007), https://bugzilla.mozilla.org/show_bug.cgi?id=376473.
[229] M. Zalewski, “Geolocation Spoofing and Other UI Woes,” Bugtraq (mailing list) (August 17, 2010), http://seclists.org/bugtraq/2010/Aug/201.
[230] D. Simons and C. Chabris, “Selective Attention Test” (1999), http://www.youtube.com/watch?v=vJG698U2Mvo&feature=player_embedded.
[231] D.J. Simons and C.F. Chabris, “Gorillas in Our Midst: Sustained Inattentional Blindness for Dynamic Events,” Perception 28 (1999): 1059-1074, http://www.cnbc.cmu.edu/~behrmann/dlpapers/Simons_Chabris.pdf.
[234] “Internet Explorer: Security Zones,” Microsoft, http://technet.microsoft.com/en-us/library/dd361896.aspx.
[235] “Internet Explorer Binary Behaviors Security Setting,” Microsoft, http://technet.microsoft.com/en-us/library/cc776248(WS.10).aspx.
[236] Charles Schwab, “Technical Support,” http://www.visualwebcaster.com/charles_schwab/support/ (accessed September 9, 2011).
[237] Internal Revenue Service, “Streaming Media System Requirements & Troubleshooting Assistance,” http://www.irsvideos.gov/sbv_1099webinar/player/IRS_Webinar_Technical_Support.pdf (accessed September 9, 2011).
[238] “.NET Framework 3.0: Mark of the Web,” Microsoft, http://msdn.microsoft.com/en-us/library/ms537628%28VS.85%29.aspx.
[239] “Persistent Zone Identifier Object,” Microsoft, http://msdn.microsoft.com/en-us/library/ms537029%28VS.85%29.aspx.
[240] A. van Kesteren, “Cross-Origin Resource Sharing,” (working draft) World Wide Web Consortium (July 27, 2010), http://www.w3.org/TR/cors/.
[241] S. Dutta, “Updates for AJAX in IE8 Beta 2,” IEBlog (2008), http://blogs.msdn.com/b/ie/archive/2008/10/06/updates-for-ajax-in-ie8-beta-2.aspx.
[242] “.NET Framework 3.0: XDomainRequest Object,” Microsoft Developer Network, http://msdn.microsoft.com/en-us/library/cc288060%28v=vs.85%29.aspx.
[243] T. Close and M. Miller, “Uniform Messaging Policy, Level One,” (working draft) World Wide Web Consortium (January 26, 2010), http://www.w3.org/TR/UMP/.
[244] A. Barth, C. Jackson, and J.C. Mitchell, “Robust Defenses for Cross-Site Request Forgery,” ACM Conference on Computer and Communications Security (2008), http://seclab.stanford.edu/websec/csrf/csrf.pdf.
[245] B. Sterne, “Origin Header Proposal,” http://people.mozilla.com/~bsterne/content-security-policy/origin-header-proposal.html.
[246] A. van Kesteren, “The From-Origin Header,” (working draft) World Wide Web Consortium (July 21, 2011), http://www.w3.org/TR/2011/WD-from-origin-20110721/.
[247] A. Barth, “The Web Origin Concept (v. 9),” IETF Internet-Draft (November 26, 2010), http://tools.ietf.org/html/draft-abarth-origin-09.
[248] B. Sterne, “Content Security Policy” (2008), http://people.mozilla.com/~bsterne/content-security-policy/.
[249] B. Sterne, “Content Security Policy,” (draft) World Wide Web Consortium (March 15, 2011), https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-unofficial-draft-20110315.html.
[250] I. Hickson, “HTML Living Standard,” WHATWG (2011), http://www.whatwg.org/specs/web-apps/current-work/multipage/the-iframe-element.html#attr-iframe-sandbox.
[251] J. Hodges, C. Jackson, and A. Barth, “HTTP Strict Transport Security (HSTS),” IETF Internet-Draft (August 5, 2011), http://tools.ietf.org/html/draft-ietf-websec-strict-transport-sec-02.
[252] A. Klein, “Google Chrome 6.0 and Above: Math.random Vulnerability” (2010), http://www.trusteer.com/sites/default/files/Google_Chrome_6.0_and_7.0_Math.random_vulnerability.pdf.
[253] “.NET Framework 3.0: toStaticHTML Method,” Microsoft, http://msdn.microsoft.com/en-us/library/cc848922%28v=vs.85%29.aspx.
[254] D. Ross, “IE8 Security Part IV: The XSS Filter,” IEBlog (2008), http://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-iv-the-xss-filter.aspx.
[255] E. Vela Nava and D. Lindsay, “Abusing Internet Explorer 8’s XSS Filters” (2009), http://p42.us/ie8xss/Abusing_IE8s_XSS_Filters.pdf.
[256] “navigator.registerProtocolHandler,” Mozilla Developer Network, https://developer.mozilla.org/en/DOM/window.navigator.registerProtocolHandler.
[257] “Manipulating the Browser History,” Mozilla Developer Network, https://developer.mozilla.org/en/DOM/Manipulating_the_browser_history/.
[258] A. Langley and M. Belshe, “SPDY: An Experimental Protocol for a Faster Web,” The Chromium Projects, http://www.chromium.org/spdy/spdy-whitepaper/.
[259] I. Fette and A. Melnikov, “The WebSocket Protocol,” IETF Internet-Draft (2011), http://tools.ietf.org/html/draft-ietf-hybi-thewebsocketprotocol-10/.
[260] J. Rosenberg, M. Kaufman, M. Hiie, and F. Audet, “An Architectural Framework for Browser Based Real-Time Communications,” IETF Internet-Draft (2011), http://tools.ietf.org/html/draft-rosenberg-rtcweb-framework-00/.
[261] I. Hickson, “HTML5: 5.6—Offline Web Applications,” World Wide Web Consortium (2011), http://www.w3.org/TR/html5/offline.html.
[262] A. Barth, “Simple HTTP State Management Mechanism,” IETF Internet-Draft (2010), http://tools.ietf.org/html/draft-abarth-cake-00/.
[263] I. Hickson, “Web SQL Database: W3C Working Group Note 18,” World Wide Web Consortium (2010), http://www.w3.org/TR/webdatabase/.
[264] N. Mehta, J. Sicking, E. Graff, A. Popescu, and J. Orlow, “Indexed Database API: W3C Working Draft 19,” World Wide Web Consortium (2011), http://www.w3.org/TR/IndexedDB/.
[265] I. Hickson, “Web Applications 1.0: Web Workers,” WHATWG (2011), http://www.whatwg.org/specs/web-apps/current-work/complete/workers.html.
[266] A. Popescu, “Geolocation API Specification: Editor’s Draft,” World Wide Web Consortium (February 10, 2010), http://dev.w3.org/geo/api/spec-source.html.
[267] “Detecting Device Orientation,” Mozilla Developer Network, https://developer.mozilla.org/en/detecting_device_orientation/.
[268] L. Cai and H. Chen, “TouchLogger: Inferring Keystrokes on Touch Screen from Smartphone Motion,” USENIX HotSec (2011), http://www.usenix.org/event/hotsec11/tech/final_files/Cai.pdf.
[269] “Web Developer’s Guide to Prerendering in Chrome,” Google code labs, http://code.google.com/chrome/whitepapers/prerender.html.
[270] Z. Wang, “Navigation Timing: Editor’s Draft,” World Wide Web Consortium (July 27, 2011), https://dvcs.w3.org/hg/webperf/raw-file/tip/specs/NavigationTiming/Overview.html.
[271] J. Gregg, “Web Notifications Overview: W3C Editor’s Draft,” World Wide Web Consortium (October 12, 2010), http://dev.w3.org/2006/webapi/WebNotifications/publish/.
[272] D.D. Tran, I. Oksanen, and I. Kliche, “The Media Capture API: W3C Working Draft,” World Wide Web Consortium (September 28, 2010), http://www.w3.org/TR/media-capture-api/.