Introduction
- What is spoofing?
- Context and security-relevant decisions
- Phishing
- Web spoofing
- Remedies
What is Spoofing?
Dictionary.com definitions:
- To deceive
- A hoax
Context
- The browser, text, and pictures
- Names of objects
- Timing of events
http://www.antiphishing.org/phishing_arc
Context Spoofing
- Spoofed emails have upwards of 20% success rates
- Costs billions of dollars to the industry
- Brand names attacked:
1. Citigroup
2. Wachovia
3. Bank of America
4. Yahoo!
5. eBay
6. PayPal
Consequences
- Unauthorized surveillance
- Tampering
- Identity theft
www.server.com
Forms
- Submitted data goes to the attacker's server
- Allows for tampering
- Attacker can also modify returned data
Secure Connections
- Everything will work the same
- Secure connection indicator will be turned on
- Secure connection is with the attacker's server
- Secure connections give a false sense of security
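Added example (not part of the original slides): a defender-side check for the two points above, that form data can go to a different server and that a secure connection says nothing about which server is on the other end. The function names, the attacker.example hosts and the sample targets are constructed for illustration.

```javascript
// Audit where a page's forms and links actually lead, compared with the
// host the user intended to visit. All names and data here are hypothetical.

// Constructed sample: the user believes they are on www.server.com.
const EXPECTED_HOST = "www.server.com";
const PAGE_URL = "https://www.server.com/login";

// Constructed targets, as they might be collected from a page's markup.
const SAMPLE_TARGETS = [
  { kind: "form", value: "/session" },
  { kind: "link", value: "https://www.server.com/help" },
  { kind: "form", value: "https://www.attacker.example/collect" },
  { kind: "link", value: "https://www.server.com.attacker.example/" },
  { kind: "link", value: "https://www.server.com@attacker.example/" },
  { kind: "form", value: "http://www.server.com/session" },
];

// Resolve one target against the page URL and compare the parsed hostname
// exactly; substring matching would accept the lookalike entries above.
function classifyTarget(target, pageUrl, expectedHost) {
  let url;
  try {
    url = new URL(target.value, pageUrl);
  } catch {
    return { ...target, host: null, verdict: "unparseable" };
  }
  const host = url.hostname.toLowerCase();
  const tls = url.protocol === "https:";
  if (host !== expectedHost.toLowerCase()) {
    // The padlock would still be shown here: TLS to the wrong server.
    return { ...target, host, verdict: tls ? "foreign-host-over-tls" : "foreign-host" };
  }
  return { ...target, host, verdict: tls ? "ok" : "expected-host-no-tls" };
}

function auditTargets(targets, pageUrl, expectedHost) {
  return targets.map((t) => classifyTarget(t, pageUrl, expectedHost));
}

for (const r of auditTargets(SAMPLE_TARGETS, PAGE_URL, EXPECTED_HOST)) {
  console.log(`${r.verdict.padEnd(22)} ${r.kind.padEnd(5)} ${r.host} <- ${r.value}`);
}
```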
Status Line
- Displays the URL a link points to
- Displays name of server being contacted
- JavaScript is the solution
Location Line
- Displays URL of current page
- User can type in any URL
- JavaScript is the solution
Resources
www.antiphishing.com
http://www.cs.princeton.edu/sip/pub/spoo
Gary McGraw and Edward W. Felten. Java Security: Hostile Applets, Holes and Antidotes. John Wiley and Sons, New York, 1996.