[ NNSquad ] Toolkit for detecting ISP modifications to web pages

NNSquad - Network Neutrality Squad
NNSquad Home Page
NNSquad Mailing List Information

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] Toolkit for detecting ISP modifications to web pages

To: nnsquad@nnsquad.org
Subject: [ NNSquad ] Toolkit for detecting ISP modifications to web pages
From: Charles Reis <creis@cs.washington.edu>
Date: Mon, 10 Dec 2007 14:37:52 -0800

Hi all-- There has recently been some discussion on this list about ISPs modifying web traffic (e.g., the recent messages about Rogers modifying Google's home page). Related to this, I wanted to point you to a toolkit that a server could use to detect whether its pages are being modified in flight. The toolkit is available at the URL below:

http://www.cs.washington.edu/research/security/web-tripwire.html

The toolkit allows publishers to deploy "web tripwires" on their own web pages. Web tripwires are JavaScript code that can detect when a web page is modified in flight, so that the publisher is aware of the event and can notify the end user if appropriate.

The URL above also has a brief summary of a measurement study that used a web tripwire to detect changes to our web page (http://vancouver.cs.washington.edu). We found a wide variety of changes being made, ranging from injected advertisements to client-side popup blockers to malware. Interestingly, some of these changes introduced bugs or even security vulnerabilities into the web pages they modified.

  We'd be happy to get feedback on either the toolkit or the study results.

Thanks!
Charlie Reis

Prev by Date: [ NNSquad ] Re: Google Hijacked -- Major ISP to Intercept and Modify Web Pages
Next by Date: [ NNSquad ] Re: Stripping or Replacing Web Site Ads?
Previous by thread: [ NNSquad ] Rogers Confirms Data Intercept/Modification Story
Next by thread: [ NNSquad ] Re: HTTP must die!
Index(es):
- Date
- Thread