Basic HTML version of Foils prepared May 19 99

Foil 35 Frame Spoofing

From Computer Crimes: Examples of Network Security attacks, Tango Group Internal Technology Seminars -- April 23 99, by Roman Markowski


The attacker inserts a frame into a web page
  • developed in December 1998 and January 1999
  • one of the user's frames can be controlled by an attacker while all the others are normal
  • the attacker's frame can be used to gather passwords or credit card information, or to display misleading information
  • exploits an implementation vulnerability in most browsers
  • http://www.secureexperts.com/framespoof
  • the attacker's web server sits between the victim and the rest of the Web
  • web and frame spoofing create a BIG opportunity
Defense
  • patch your browsers
  • use dynamic frame names for sensitive screens
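
One way to apply the "dynamic frame names" defense, as an added example that is not part of the original foils: the server gives each frame a fresh, unguessable name per session instead of a fixed one, so another page cannot address the sensitive frame by a name known in advance. The function names, frame roles and URL paths are assumptions made for illustration.

```python
import html
import re
import secrets

# Shape of the generated names: a letter followed by 128 random bits in hex.
FRAME_NAME_RE = re.compile(r"^f[0-9a-f]{32}$")


def new_frame_names(roles):
    """Map each logical frame role to a fresh random name for this session."""
    return {role: "f" + secrets.token_hex(16) for role in roles}


def render_frameset(names, urls):
    """Build the frameset page using the session's random frame names."""
    frames = "\n".join(
        '  <frame name="{}" src="{}">'.format(
            names[role], html.escape(urls[role], quote=True))
        for role in names
    )
    return '<frameset cols="25%,75%">\n{}\n</frameset>'.format(frames)


def render_link(names, role, href, label):
    """Build a navigation link that targets a frame by its session name."""
    name = names[role]
    # Refuse anything that is not a name this module generated.
    if not FRAME_NAME_RE.match(name):
        raise ValueError("unexpected frame name in session")
    return '<a href="{}" target="{}">{}</a>'.format(
        html.escape(href, quote=True), name, html.escape(label))


if __name__ == "__main__":
    # Constructed sample session; roles and paths are hypothetical.
    session = {"frames": new_frame_names(["menu", "login"])}
    urls = {"menu": "/menu", "login": "/login"}
    print(render_frameset(session["frames"], urls))
    print(render_link(session["frames"], "login", "/login", "Sign in"))
```

The names must be stored with the server-side session so that every page rendered later targets the same frames, and regenerated whenever a new session starts.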



© Northeast Parallel Architectures Center, Syracuse University, npac@npac.syr.edu


Page produced by wwwfoil on Mon Aug 16 1999