Basic HTML version of Foils prepared July 6 99

Foil 88 Frame Spoofing (1)

From Security Infrastructure for Electronic Commerce and Internet CPS714 Computational Science Information Track -- June 2 and June 7 99, by Roman Markowski


1 The attacker inserts a frame into a web page
  • one of the user's frames can be controlled by an attacker while all the others are normal
  • the attacker frame can be used to gather passwords, credit card information, or display misleading information
  • exploits an implementation vulnerability in most browsers
  • http://www.secureexperts.com/framespoof
  • developed in December and January 1999
  • the attacker's web server sits between the victim and the rest of the Web
  • web and frame spoofing creates a BIG opportunity
2 Defense
  • patch your browsers
  • use dynamic frame names for sensitive screens
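
The second defense, sketched as an added example (not part of the original foils): a Node.js server gives the frames of a sensitive screen unpredictable per-session names, on the assumption that a spoofing page has to address the target frame by its name. The routes `/nav` and `/login`, the role names and the session object are hypothetical.

```javascript
const { randomBytes } = require('node:crypto');

// Hypothetical frame roles for a sensitive screen (constructed for this example).
const ROLES = ['nav', 'login'];

// 128 random bits per name; the leading letter keeps it a valid HTML name.
function newFrameName() {
  return 'f' + randomBytes(16).toString('hex');
}

// Allocate names once per session so every page of that session agrees on them.
function frameNamesFor(session) {
  if (!session.frameNames) {
    session.frameNames = {};
    for (const role of ROLES) session.frameNames[role] = newFrameName();
  }
  return session.frameNames;
}

// Frameset page: frame names come from the session, never from a constant.
function renderFrameset(session) {
  const n = frameNamesFor(session);
  return [
    '<frameset cols="20%,80%">',
    `  <frame name="${n.nav}" src="/nav">`,
    `  <frame name="${n.login}" src="/login">`,
    '</frameset>',
  ].join('\n');
}

// Navigation page: links target the session's own name for the login frame.
function renderNav(session) {
  const n = frameNamesFor(session);
  return `<a href="/login" target="${n.login}">Sign in</a>`;
}

// Weak form for comparison: fixed names that any other page can guess.
function renderStaticFrameset() {
  return [
    '<frameset cols="20%,80%">',
    '  <frame name="nav" src="/nav">',
    '  <frame name="login" src="/login">',
    '</frameset>',
  ].join('\n');
}
```

The names must be generated server-side from a CSPRNG and never reused across sessions; a name derived from a counter or timestamp is as guessable as a static one.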



© Northeast Parallel Architectures Center, Syracuse University, npac@npac.syr.edu


Page produced by wwwfoil on Tue Jul 6 1999