4.
We discuss in this seminar an
Internet security attack that could
endanger the privacy of
World
Wide Web users
Web spoofing allows an attacker to
create a “shadow copy” of the entire
World Wide Web.
5.
Definition
Website spoofing is the act of creating a
website, as a hoax, with the intention of
misleading readers that the website has been
created by a different person or organization.
Web spoofing is a phishing scheme
6.
Creating a shadow copy of the world
wide web
Shadow copy is funneled through
attackers machine
Data tampering
8.
The physical world can also be spoofed
Security relevant decisions and context
A spoofing attack is like a con game: the attacker
sets up a false but convincing world around the
victim.
10.
Routers use the destination IP address to forward
packets, but ignore the source IP address.
The source IP address is used only by the
destination machine, when it responds back to
the source.
Since the attacker does not receive packets
back, this is called a one-way attack or blind
spoofing.
11.
12.
13.
E-MAIL SPOOFING
Purposes of email spoofing:
Hiding sender’s identity
Impersonating someone
Implicating someone
Trick someone into making a damaging statement
or releasing sensitive information
3 basic ways to perform Email spoofing:
Aliasing
Modify mail client
Telnet to port 25
17. WEB SPOOFING
Information Flow
Model
1.
2.
3.
4.
5.
A deceptive message is sent from the
phisher to the user.
A user provides confidential
information to a phishing server
(normally after some interaction with
the server).
The phisher obtains the confidential
information from the server.
The confidential information is used to
impersonate the user.
The phisher obtains illicit monetary
gain.
18.
19.
Displays URL of current page
User can type in any URL
JavaScript is the solution
20.
Displays URL links points to
Displays name of server being contacted
JavaScript is the solution
24.
In programming language like java
for the better understanding of code
level spoofing and again to work
against
Advance
tools
like
antiviruses and antispywares.
Availability of books also bounded
my approach
25.
Current technology is unable to
completely stop phishing and web
spoofing
Improvements
in
security
technology can drastically reduce
the amount of phishing schemes.
26.
The Mozilla Organization. Personal Security
Manager (PSM).
http://www.mozilla.org/projects/security/pk
i/psm/
Netscape. JavaScript Sample Code.
http://developer.netscape.com/docs/example
s/javascript.html
www.antiphishing.com
http://www.cs.princeton.edu/sip/pub/spoofi
ng.html