The attacker inserts a frame into a web page
-
one of user frames can be controlled by an attacker while all others are normal
-
the attacker frame can be used to gather passwords, credit card information, or display misleading information
-
exploits implementation vulnerability on most browsers
-
http://www.secureexperts.com/framespoof
-
developed in December and January 1999
-
attacker web server is between a victim and the rest of the Web
-
web and frame spoofing creates a BIG opportunity
|