Second USENIX Workshop on Electronic Commerce

WWW Electronic Commerce and Java Trojan Horses

J.D. Tygar and Alma Whitten
Carnegie Mellon University


World Wide Web electronic commerce applications often require consumers to enter private information (such as credit card numbers) into forms in the browser window. If third parties can insert trojan horse applications onto a consumer's machine, they can monitor keyboard strokes and steal private information.

This paper outlines a simple way to accomplish this using Java or similar remote execution facilities. We implemented a simple version of this attack. We give a general method, window personalization, that can thwart or prevent this attack.

View the full text of this paper in HTML and POSTSCRIPT (8,041,072 Bytes)
