Basic HTML version of Foils prepared July 6 99

Foil 87 Web Spoofing (1)

From Security Infrastructure fo Electronic Commerce and Internet CPS714 Computational Science Information Track -- June 2 and June 7 99. by Roman Markowski
Web spoofing = URL rewritting
The attacker creates false "copy" of a the entire Web
  • attacker takes selected pages, the rest is available on-line
  • attacker web server is between a victim and the rest of the Web (DNS poisoning, registering false URL in a search engine)
  • if you see http://www.bad.com/http://www.good.com you are under attack; works even with secure connection
  • You can ask for it: http://www.anonymizer.com/
  • he can intercept and modify data
  • capture passwords, credit card information, etc
Defense
  • disable JavaScript (prevents attacker from hiding URLs)
  • Display URL and look at it

© Northeast Parallel Architectures Center, Syracuse University, npac@npac.syr.edu

If you have any comments about this server, send e-mail to webmaster@npac.syr.edu.

Page produced by wwwfoil on Tue Jul 6 1999