Spoofing Rafael Sabino 10/28/2004. Introduction What is spoofing? Context and Security relevant decisions Phishing Web spoofing Remedies.

Presentation transcript:

Spoofing Rafael Sabino 10/28/2004

Introduction What is spoofing? Context and Security relevant decisions Phishing Web spoofing Remedies

What is Spoofing? Dictionary.com definitions: –To deceive –A hoax

Security Relevant Decisions Decisions that can lead to undesirable results Examples Accepting data as being true and accurate

Context The browser, text, and pictures Names of objects Timing of events

Context Spoofing (Examples) hishing_archive.htmlhttp:// hishing_archive.html

Context Spoofing Spoofed e-mails have upwards of 20% success rates Costs billions of dollars to the industry Brand names attacked: 1. Citigroup 2. Wachovia 3. Bank of America 4. Yahoo! 5. Ebay 6. Paypal 7. Bestbuy 8. Microsoft MSN 9. FBI

Consequences Unauthorized Surveillance Tampering Identity theft

What is Web Spoofing? Creating a shadow copy of the World Wide Web Shadow copy is funneled through attacker's machine Data tampering

Web Spoofing Attack The physical world can also be spoofed Security relevant decisions and context

How does the Attack Work? Step 1: Rewriting the URL Example: –home.netscape.com –

How does the Attack Work? 1. Request Spoof URL 2. Request real URL 3. Real Page contents 4. Change page 5. Spoofed page

How does the Attack Work? Once attacker server obtains the real URL, it modifies all links Rewritten page is provided to victim’s browser This funnels all information Is it possible to spoof the whole web?

Forms Submitted data goes to the attacker's server Allows for tampering Attacker can also modify returned data
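
A defender can check where a page's links and form submissions actually go, which is the property the link-rewriting and forms slides describe being subverted. The following is an added example, not part of the original presentation: it audits static HTML against the host the user expects. The relay host `proxy.example`, the sample markup, the function names and the nested-URL heuristic are assumptions made for illustration.

```javascript
// Constructed sample markup: two same-site links, plus one link and one form
// whose targets are relayed through a different host (hypothetical proxy.example).
const SAMPLE_HTML = `
<a href="http://home.netscape.com/products/">Products</a>
<a href="http://proxy.example/http://home.netscape.com/download/">Download</a>
<a href="/support/">Support</a>
<form action="http://proxy.example/http://home.netscape.com/login" method="post"></form>
`;

// Collect href/action values from <a> and <form> tags. A regex scan is enough
// for auditing static markup; it is not a full HTML parser.
function extractTargets(html) {
  const re = /<(a|form)\b[^>]*?\b(href|action)\s*=\s*["']([^"']+)["']/gi;
  const out = [];
  let m;
  while ((m = re.exec(html)) !== null) {
    out.push({ tag: m[1].toLowerCase(), raw: m[3] });
  }
  return out;
}

// decodeURIComponent throws on malformed %-sequences; fall back to the raw text.
function safeDecode(s) {
  try { return decodeURIComponent(s); } catch { return s; }
}

// Report every link or form target that leaves expectedHost, or that carries
// a second absolute URL in its path or query (assumed sign of a relay).
function auditPage(html, pageUrl, expectedHost) {
  const findings = [];
  for (const { tag, raw } of extractTargets(html)) {
    let url;
    try {
      url = new URL(raw, pageUrl); // resolves relative links against the page
    } catch {
      findings.push({ tag, raw, host: null, reasons: ["unparseable"] });
      continue;
    }
    if (!/^https?:$/.test(url.protocol)) continue; // skip mailto:, javascript:, ...
    const reasons = [];
    if (url.hostname !== expectedHost) reasons.push("foreign-host");
    if (/https?:\/\//i.test(safeDecode(url.pathname + url.search))) {
      reasons.push("embedded-url");
    }
    if (reasons.length) findings.push({ tag, raw, host: url.hostname, reasons });
  }
  return findings;
}
```

Calling `auditPage(SAMPLE_HTML, "http://home.netscape.com/", "home.netscape.com")` flags the relayed link and the relayed form and passes the two same-site links.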

“Secure” Connections Everything will work the same Secure connection indicator will be turned on Secure connection is with attacker’s server “Secure” connections are a false sense of security

Starting the Attack Put links in popular places E-mails Search Engines

Completing the Illusion There are cues that can destroy the illusion: –Status line –Location line –Viewing document source These can be virtually eliminated

Status Line Displays URL a link points to Displays name of server being contacted JavaScript is the solution

Location Line Displays URL of current page User can type in any URL JavaScript is the solution

Viewing Document Source Menu bar allows user to see a page's source JavaScript can be used to create a fake menu bar

Tracing the Attacker Is possible if attacker uses his/her own machine Stolen computers are used to launch attacks Hacked computers are used as well

What can we do? Short term solution: –JavaScript –Location line is visible –Pay attention to location line Be selective with your features

What can we do? Do not reply to or click on a link that will lead you to a webpage asking you for info. Look for the presence of a padlock and Both must be present for a connection to be secure Keep up with updates

What can we do? Check your bank / credit card statements To report suspicious activity, send to Federal Trade Commission: If you are a victim, file a complaint at

Resources ip/pub/spoofing.htmlhttp:// ip/pub/spoofing.html Gary McGraw and Edward W. Felten. Java Security: Hostile Applets, Holes and Antidotes. John Wiley and Sons, New York, 1996.