Slide 1: Spoofing
Rafael Sabino, 10/28/2004

Slide 2: Introduction
– What is spoofing?
– Context and security-relevant decisions
– Phishing
– Web spoofing
– Remedies

Slide 3: What is Spoofing?
Dictionary.com definitions:
– To deceive
– A hoax

Slide 4: Security-Relevant Decisions
– Decisions that can lead to undesirable results
– Example: accepting data as being true and accurate

Slide 5: Context
– The browser, text, and pictures
– Names of objects
– Timing of events

Slide 6: Context Spoofing (Examples)
– http://www.antiphishing.org/phishing_archive.html

Slide 7: Context Spoofing
– Spoofed emails have upwards of 20% success rates
– Costs billions of dollars to the industry
– Brand names attacked:
  1. Citigroup
  2. Wachovia
  3. Bank of America
  4. Yahoo!
  5. eBay
  6. PayPal
  7. Best Buy
  8. Microsoft MSN
  9. FBI

Slide 8: Consequences
– Unauthorized surveillance
– Tampering
– Identity theft

Slide 9: What is Web Spoofing?
– Creating a shadow copy of the World Wide Web
– The shadow copy is funneled through the attacker's machine
– Data tampering

Slide 10: Web Spoofing Attack
– The physical world can also be spoofed
– Security-relevant decisions and context

Slide 11: How does the Attack Work?
Step 1: Rewriting the URL. Example:
– Real URL: home.netscape.com
– Rewritten URL: www.attacker.com/http://home.netscape.com

Slide 12: How does the Attack Work?
(Diagram: the victim's browser, www.attacker.org, and www.server.com)
1. The victim's browser requests the spoofed URL from www.attacker.org
2. www.attacker.org requests the real URL from www.server.com
3. www.server.com returns the real page contents
4. www.attacker.org changes the page
5. The spoofed page is returned to the victim

Slide 13: How does the Attack Work?
– Once the attacker's server obtains the real URL, it modifies all links
– The rewritten page is provided to the victim's browser
– This funnels all information through the attacker
– Is it possible to spoof the whole web?
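The rewriting pattern from slides 11 to 13 can be checked mechanically. The following Python is an added example, not part of the original slides: it flags a link whose path or query carries another absolute URL (so the host the browser will talk to differs from the host named inside the link), and applies the deck's later rule that a connection is only secure when it is https and terminates at the host the user actually intended. The sample links are constructed.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample links (not from the original slides), following the
# rewriting pattern the deck describes: the real URL is appended to the path
# (or, in one variant, passed as a query parameter).
SAMPLE_LINKS = [
    "http://home.netscape.com/",
    "http://www.attacker.com/http://home.netscape.com",
    "https://www.attacker.com/https://www.bank.example/login",
    "http://www.attacker.com/?u=http%3A%2F%2Fhome.netscape.com%2F",
]


def embedded_url(url):
    """Return an absolute URL hidden inside the path or query of `url`,
    or None when the link goes directly to its own host."""
    parts = urlsplit(url)
    candidates = [unquote(parts.path).lstrip("/")]
    candidates += [value for _, value in parse_qsl(parts.query)]
    for cand in candidates:
        if cand.startswith(("http://", "https://")) and urlsplit(cand).netloc:
            return cand
    return None


def real_host(url):
    """Host that actually serves the request: the proxy in front of a
    rewritten link, otherwise the link's own host."""
    return urlsplit(url).netloc


def is_rewritten(url):
    """True when the link is a proxied copy of another site, i.e. the host
    the browser will contact differs from the host named inside the link."""
    inner = embedded_url(url)
    return inner is not None and urlsplit(inner).netloc != real_host(url)


def is_secure_to(url, expected_host):
    """The deck's padlock rule made strict: https alone is not enough, the
    secure connection must also end at the host the user intends to reach."""
    parts = urlsplit(url)
    return parts.scheme == "https" and parts.netloc == expected_host


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(is_rewritten(link), real_host(link), embedded_url(link))
```

The third sample is the slide 15 case: https to www.attacker.com turns the padlock on, yet is_secure_to(link, "www.bank.example") is False because the encrypted connection ends at the wrong host.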
Slide 14: Forms
– Submitted data goes to the attacker's server
– Allows for tampering
– The attacker can also modify returned data

Slide 15: "Secure" Connections
– Everything will work the same
– The secure connection indicator will be turned on
– But the secure connection is with the attacker's server
– "Secure" connections give a false sense of security

Slide 16: Starting the Attack
– Put links in popular places:
  – Emails
  – Search engines

Slide 17: Completing the Illusion
– There are cues that can destroy the illusion:
  – Status line
  – Location line
  – Viewing document source
– These can be virtually eliminated

Slide 18: Status Line
– Displays the URL a link points to
– Displays the name of the server being contacted
– JavaScript is the attacker's solution

Slide 19: Location Line
– Displays the URL of the current page
– The user can type in any URL
– JavaScript is the attacker's solution

Slide 20: Viewing Document Source
– The menu bar allows the user to see a page's source
– JavaScript can be used to create a fake menu bar

Slide 21: Tracing the Attacker
– Possible if the attacker uses his/her own machine
– Stolen computers are used to launch attacks
– Hacked computers are used as well

Slide 22: What can we do?
Short-term solution:
– Turn off JavaScript
– Make sure the location line is visible
– Pay attention to the location line
– Be selective with your features

Slide 23: What can we do?
– Do not reply to, or click on, a link that leads you to a web page asking you for information
– Look for the presence of a padlock and https://; both must be present for a connection to be secure
– Keep up with updates

Slide 24: What can we do?
– Check your bank and credit card statements
– To report suspicious activity, send email to the Federal Trade Commission: uce@ftc.gov
– If you are a victim, file a complaint at www.ftc.gov

Slide 25: Resources
– www.antiphishing.com
– http://www.cs.princeton.edu/sip/pub/spoofing.html
– Gary McGraw and Edward W. Felten. Java Security: Hostile Applets, Holes and Antidotes. John Wiley and Sons, New York, 1996.