Web Spoofing

• The attacker creates false “copy” of a the entire Web

  • attacker takes selected pages, the rest is available on-line
  • attacker web server is between a victim and the rest of the Web
  • if you see http://www.something.com/http://www.other.com you are under attack; works even with secure connection
  • he can modify data
  • capture passwords, credit card information, etc

• Defense

  • disable JavaScript (prevents attacker from hiding strange URLs)
  • Display URL and look at it

Previous slide

Next slide

Back to first slide

View graphic version