Rafael Sabino 10/28/2004

Outline
• What is spoofing?
• Context and security-relevant decisions
• Phishing
• Web spoofing
• Remedies

What is Spoofing?
• Dictionary.com definitions:
  – To deceive
  – A hoax

Security-Relevant Decisions
• Decisions that can lead to undesirable results
• Examples:
  – Accepting data as being true and accurate

Context
• The browser, text, and pictures
• Names of objects
• Timing of events

Context Spoofing (Examples)
• http://www.antiphishing.org/phishing_archive.html

Context Spoofing
• Spoofed emails have upwards of 20% success rates
• Costs billions of dollars to the industry
• Brand names attacked:
  1. Citigroup
  2. Wachovia
  3. Bank of America
  4. Yahoo!
  5. eBay
  6. PayPal
  7. FBI
  8. Best Buy
  9. Microsoft MSN

Consequences
• Unauthorized surveillance
• Tampering
• Identity theft

What is Web Spoofing?
• Creating a shadow copy of the World Wide Web
• The shadow copy is funneled through the attacker's machine
• Data tampering

Web Spoofing Attack
• The physical world can also be spoofed
• Security-relevant decisions and context

How does the Attack Work?
• Step 1: Rewriting the URL
• Example:
  – home.netscape.com
  – www.attacker.com/http://home.netscape.com

How does the Attack Work? (diagram: browser, www.attacker.org, www.server.com)
1. Request spoof URL: the browser asks www.attacker.org for the spoofed page
2. Request real URL: www.attacker.org fetches the real page from www.server.com
3. Real page contents: www.server.com returns the page to www.attacker.org
4. Change page: www.attacker.org rewrites the page
5. Spoofed page: www.attacker.org returns the rewritten page to the browser

How does the Attack Work?
• Once the attacker's server obtains the real URL, it modifies all links
• The rewritten page is provided to the victim's browser
• This funnels all information through the attacker
• Is it possible to spoof the whole web?
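As an added example (not part of Sabino's slides), the following Python script shows how the URL-rewriting pattern from this slide can be detected in a page that has passed through a funnel host: every href, src or form action whose path begins with a second absolute URL is reported together with the host doing the funnelling. The sample page, the hostnames and the function names are constructed for the example.

```python
"""Detect links funneled through a rewriting host, i.e. the pattern
www.attacker.com/http://home.netscape.com from the 'Rewriting the URL' slide."""
from html.parser import HTMLParser
from urllib.parse import urlparse, unquote

FUNNEL_SCHEMES = ("http://", "https://")


class _LinkCollector(HTMLParser):
    """Collect every href, src and form action value found in a page."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src", "action") and value:
                self.links.append(value)


def embedded_target(url):
    """Return the real URL hidden inside a rewritten one, or None.

    'http://www.attacker.com/http://home.netscape.com/' -> 'http://home.netscape.com/'
    A percent-encoded embedded URL is decoded first.
    """
    parsed = urlparse(url)
    path = unquote(parsed.path).lstrip("/")
    for scheme in FUNNEL_SCHEMES:
        if path.lower().startswith(scheme) and urlparse(path).netloc:
            return path
    return None


def find_funneled_links(html):
    """Return (funnel_host, real_target) pairs for every rewritten link in the page."""
    collector = _LinkCollector()
    collector.feed(html)
    findings = []
    for link in collector.links:
        target = embedded_target(link)
        if target is not None:
            findings.append((urlparse(link).netloc, target))
    return findings


# Constructed sample: a page as the funnel host would hand it to the browser,
# with every external link rewritten through www.attacker.com (placeholder host).
SAMPLE_PAGE = """
<html><body>
<a href="http://www.attacker.com/http://home.netscape.com/">Netscape</a>
<a href="http://www.attacker.com/https://www.example-bank.test/login">Bank</a>
<form action="http://www.attacker.com/https://www.example-bank.test/submit"></form>
<a href="/local/help.html">Help</a>
</body></html>
"""

if __name__ == "__main__":
    for host, real in find_funneled_links(SAMPLE_PAGE):
        print(f"funneled via {host}: {real}")
```

The relative link `/local/help.html` is not reported: only a path that itself starts with a scheme and host is evidence of rewriting. Run over a saved copy of a suspicious page, the output lists the sites the page is really proxying.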

Forms
• Submitted data goes to the attacker's server
• Allows for tampering
• The attacker can also modify the returned data

"Secure" Connections
• Everything will work the same
• The secure connection indicator will be turned on
• The secure connection is with the attacker's server
• "Secure" connections are a false sense of security

Starting the Attack
• Put links in popular places
• Emails
• Search engines

Completing the Illusion
• There are cues that can destroy the illusion:
  – Status line
  – Location line
  – Viewing document source
• These can be virtually eliminated

Status Line
• Displays the URL a link points to
• Displays the name of the server being contacted
• JavaScript is the solution

Location Line
• Displays the URL of the current page
• The user can type in any URL
• JavaScript is the solution

Viewing Document Source
• The menu bar allows the user to see a page's source
• JavaScript can be used to create a fake menu bar

Tracing the Attacker
• Possible if the attacker uses his/her own machine
• Stolen computers are used to launch attacks
• Hacked computers are used as well

What can we do?
• Short-term solution:
  – JavaScript
  – Keep the location line visible
  – Pay attention to the location line
• Be selective with your features

What can we do?
• Do not reply to or click on a link that leads you to a webpage asking you for information
• Look for the presence of a padlock and https://. Both must be present for a connection to be secure
• Keep up with updates
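As an added example (not from the original slides), here is a Python check that applies the advice above to a URL before any information is entered: it requires the https:// scheme, requires the host to be an expected site or a subdomain of one, and warns when a trusted name merely appears somewhere else in the URL, as it does in www.attacker.com/http://home.netscape.com. The trusted-host list, the hostnames and the function names are assumptions made for the example.

```python
"""Checks to apply to a URL before trusting the page it opens with personal data."""
from urllib.parse import urlparse


def host_is_trusted(host, trusted_hosts):
    """True only if host equals a trusted host or is a proper subdomain of one.

    'login.example-bank.test' matches 'example-bank.test'; 'notexample-bank.test'
    and 'example-bank.test.attacker.com' do not.
    """
    host = host.lower().rstrip(".")
    for trusted in trusted_hosts:
        trusted = trusted.lower()
        if host == trusted or host.endswith("." + trusted):
            return True
    return False


def assess_url(url, trusted_hosts):
    """Return a list of warnings; an empty list means the URL passed every check."""
    warnings = []
    parsed = urlparse(url)
    host = parsed.hostname or ""

    # The padlock alone is not enough; the scheme in the location line must be https.
    if parsed.scheme != "https":
        warnings.append("no https:// scheme; the connection is not encrypted")

    if not host_is_trusted(host, trusted_hosts):
        warnings.append(f"host {host!r} is not an expected site")
        # A trusted name placed in the path or in a longer hostname is a decoy,
        # e.g. www.attacker.com/http://home.netscape.com
        lowered = url.lower()
        for trusted in trusted_hosts:
            if trusted.lower() in lowered:
                warnings.append(f"{trusted!r} appears in the URL but is not its host")
                break
    return warnings


if __name__ == "__main__":
    # Constructed sample URLs with placeholder hosts.
    expected = ["example-bank.test"]
    for candidate in (
        "https://www.example-bank.test/login",
        "http://www.attacker.com/http://www.example-bank.test/login",
        "https://www.example-bank.test.attacker.com/",
    ):
        print(candidate, "->", assess_url(candidate, expected) or "ok")
```

The host comparison is deliberately strict: a funnel host can put the real site's name anywhere in the URL except in the hostname position, so only the hostname decides, and the decoy warning explains why the familiar name is not enough.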

What can we do?
• Check your bank / credit card statements
• To report suspicious activity, send email to the Federal Trade Commission: uce@ftc.gov
• If you are a victim, file a complaint at www.ftc.gov

Resources
• www.cs.princeton.edu/sip/pub/spoofing.html
• Gary McGraw and Edward W. Felten. Java Security: Hostile Applets, Holes and Antidotes. John Wiley and Sons, New York, 1996.
• http://www.antiphishing.com
