Frame Spoofing (1)

• The attacker inserts a frame into a web page

  • one of user frames can be controlled by an attacker while all others are normal
  • the attacker frame can be used to gather passwords, credit card information, or display misleading information
  • exploits implementation vulnerability on most browsers
  • http://www.secureexperts.com/framespoof
  • developed in December and January 1999
  • attacker web server is between a victim and the rest of the Web
  • web and frame spoofing creates a BIG opportunity

• Defense

  • patch your browsers
  • use dynamic frame names for sensitive screens

Previous slide

Next slide

Back to first slide

View graphic version