Introduction

• What is spoofing?
• Context and security-relevant decisions
• Phishing
• Web spoofing
• Remedies

What is Spoofing?

• Dictionary.com definitions:
  – To deceive
  – A hoax
Security-Relevant Decisions

• Decisions that can lead to undesirable results
• Example: accepting data as being true and accurate

Context

• The browser, text, and pictures
• Names of objects
• Timing of events

Context Spoofing (Examples)

• http://www.antiphishing.org/phishing_archive.html
Context Spoofing

• Spoofed emails have upwards of 20% success rates
• Costs billions of dollars to the industry
• Brand names attacked:
  1. Citigroup
  2. Wachovia
  3. Bank of America
  4. Yahoo!
  5. Ebay
  6. Paypal
  7. Bestbuy
  8. Microsoft MSN
  9. FBI

Consequences

• Unauthorized surveillance
• Tampering
• Identity theft
What is Web Spoofing?

• Creating a shadow copy of the world wide web
• The shadow copy is funneled through the attacker's machine
• Data tampering

Web Spoofing Attack

• The physical world can also be spoofed
• Security-relevant decisions and context

How does the Attack Work?

• Step 1: Rewriting the URL
• Example:
  – home.netscape.com
  – www.attacker.com/http://home.netscape.com
How does the Attack Work?

[Diagram: message flow between the victim's browser, www.attacker.org and www.server.com]
1. The browser requests the spoofed URL from www.attacker.org
2. www.attacker.org requests the real URL from www.server.com
3. www.server.com returns the real page contents
4. www.attacker.org changes the page
5. The spoofed page is returned to the browser
How does the Attack Work?

• Once the attacker's server obtains the real URL, it modifies all links
• The rewritten page is provided to the victim's browser
• This funnels all information through the attacker
• Is it possible to spoof the whole web?
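As an added example (not part of the slides or the Princeton paper they summarize), the following Python flags links in the rewritten shape shown above, www.attacker.com/http://home.netscape.com, where a second absolute URL is embedded after the link's own host. It goes slightly beyond the single instance on the slides by also catching percent-encoded and query-string variants; the sample links are constructed.

```python
import re
from urllib.parse import unquote, urlparse

# An absolute http(s) URL embedded inside another URL's path or query,
# the shape the slides show: www.attacker.com/http://home.netscape.com
EMBEDDED_URL = re.compile(r"https?://[^\s/?#]+", re.IGNORECASE)
HAS_SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)


def _parse(url):
    # Links on the slides are written without a scheme; assume http for parsing.
    if not HAS_SCHEME.match(url):
        url = "http://" + url
    return urlparse(url)


def embedded_hosts(url):
    """Hostnames of absolute URLs found after the outer host (path and query)."""
    parsed = _parse(url)
    tail = parsed.path + ("?" + parsed.query if parsed.query else "")
    # Decode %3A%2F%2F-style encodings so an obfuscated inner URL is still seen.
    tail = unquote(tail)
    return [urlparse(m.group(0)).hostname or "" for m in EMBEDDED_URL.finditer(tail)]


def is_rewritten_url(url):
    """True when a host embedded in the link differs from the link's own host.

    A link that embeds only its own host (a same-site redirect) is not flagged.
    """
    outer = _parse(url).hostname or ""
    return any(inner != outer for inner in embedded_hosts(url))


def flag_links(links):
    """Return (link, embedded hosts) for every link that looks rewritten."""
    return [(link, embedded_hosts(link)) for link in links if is_rewritten_url(link)]


if __name__ == "__main__":
    # Constructed sample links, not taken from any real mail or page.
    sample = [
        "www.attacker.com/http://home.netscape.com",
        "http://www.attacker.com/http%3A%2F%2Fhome.netscape.com/login",
        "http://home.netscape.com/",
        "http://home.netscape.com/r?u=http://home.netscape.com/x",
    ]
    for link, hosts in flag_links(sample):
        print(f"rewritten link: {link} -> embeds {hosts}")
```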
Forms

• Submitted data goes to the attacker's server
• Allows for tampering
• The attacker can also modify returned data

"Secure" Connections

• Everything will work the same
• The secure connection indicator will be turned on
• The secure connection is with the attacker's server
• "Secure" connections give a false sense of security

Starting the Attack

• Put links in popular places
• Emails
• Search engines
Completing the Illusion

• There are cues that can destroy the illusion:
  – Status line
  – Location line
  – Viewing document source
• These can be virtually eliminated

Status Line

• Displays the URL a link points to
• Displays the name of the server being contacted
• JavaScript is the solution

Location Line

• Displays the URL of the current page
• The user can type in any URL
• JavaScript is the solution

Viewing Document Source

• The menu bar allows the user to see the page's source
• JavaScript can be used to create a fake menu bar
Tracing the Attacker

• Possible if the attacker uses his/her own machine
• Stolen computers are used to launch attacks
• Hacked computers are used as well

What can we do?

• Short-term solution:
  – Disable JavaScript
  – Keep the location line visible
  – Pay attention to the location line
• Be selective with your features
What can we do?

• Do not reply to or click on a link that will lead you to a webpage asking you for info.
• Look for the presence of a padlock and https://. Both must be present for a connection to be secure.
• Keep up with updates

What can we do?

• Check your bank / credit card statements
• To report suspicious activity, send email to the Federal Trade Commission: uce@ftc.gov
• If you are a victim, file a complaint at www.ftc.gov

Resources

• www.antiphishing.com
• http://www.cs.princeton.edu/sip/pub/spoofing.html
• Gary McGraw and Edward W. Felten. Java Security: Hostile Applets, Holes and Antidotes. John Wiley and Sons, New York, 1996.
