1200 Words on Army Leadership - 1

  • Published : December 17, 2012
ABSTRACT
Web spoofing is an Internet security attack that could endanger the privacy of World Wide Web users and the integrity of their data. The attack can be carried out on today's systems, endangering users of the most common Web browsers. Web spoofing allows an attacker to create a "shadow copy" of the entire World Wide Web. Accesses to the shadow Web are funneled through the attacker's machine, allowing the attacker to monitor all of the victim's activities, including any passwords or account numbers the victim enters. The attacker can also cause false or misleading data to be sent to Web servers in the victim's name, or to the victim in the name of any Web server. In short, the attacker observes and controls everything the victim does on the Web.

First, the attacker causes a browser window to be created on the victim's machine, with some of the normal status and menu information replaced by identical-looking components supplied by the attacker. Then, the attacker causes all Web pages destined for the victim's machine to be routed through the attacker's server. On the attacker's server, the pages are rewritten in such a way that their appearance does not change at all, but any actions taken by the victim would be logged by the attacker. In addition, any attempt by the victim to load a new page would cause the newly-loaded page to be routed through the attacker's server, so the attack would continue on the new page.

Web Spoofing
CONTENTS
1 Introduction
2 Previous works
3 Types of spoofing
  3.1 IP spoofing
  3.2 Email spoofing
  3.3 Web spoofing
  3.4 URL spoofing
  3.5 IDN spoofing
  3.6 DNS spoofing
  3.7 Proxy spoofing
4 Threat Model and Attack
5 How web spoofing works?
6 Spoofing the whole page
7 How do the attacks work
8 Completing the illusion
  8.1 The status line
  8.2 The location line
  8.3 Viewing the document source
9 Countermeasures
  9.1 Disable JavaScript
  9.2 Customization
  9.3 Disable pop-up windows
  9.4 Long-term solutions
10 Future spoofing works
11 Implications
  11.1 What are the current risks to the web user?
12 Conclusions
13 References

1. INTRODUCTION
Web Spoofing is a security attack that allows an adversary to observe and modify all web pages sent to the victim's machine, and observe all information entered into forms by the victim. Web Spoofing works on both of the major browsers and is not prevented by "secure" connections. The attacker can observe and modify all web pages and form submissions, even when the browser's "secure connection" indicator is lit. The user sees no indication that anything is wrong.

The attack is implemented using JavaScript and Web server plug-ins, and works in two parts. First, the attacker causes a browser window to be created on the victim's machine, with some of the normal status and menu information replaced by identical-looking components supplied by the attacker. Then, the attacker causes all Web pages destined for the victim's machine to be routed through the attacker's server. On the attacker's server, the pages are rewritten in such a way that their appearance does not change at all, but any actions taken by the victim (such as clicking on a link) would be logged by the attacker. In addition, any attempt by the victim to load a new page would cause the newly-loaded page to be routed through the attacker's server, so the attack would continue on the new page.

The attack is initiated when the victim visits a malicious Web page, or receives a malicious email message (if the victim uses an HTML-enabled email reader).

We have implemented a demonstration of the Web Spoofing attack and have shown the demo live at the Internet World conference and on MSNBC television. Although the implementation is not trivial, it is well within the means of a single dedicated programmer. Current browsers do not prevent Web spoofing, and there seems to be little movement in the direction of addressing this problem. We believe that there can be no secure electronic commerce on the Web until the Web Spoofing vulnerability has been...
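
The rewriting described above leaves a trace a defender can look for: nearly every link on the page points at one intermediary host while carrying its real destination inside the path or query string. The following detection heuristic is an added example, not code from the original paper. It assumes the rewriting server wraps each original URL (the text does not say how pages are rewritten), and the function names, threshold and sample links are constructed for illustration.

```javascript
// Added example: heuristic check for a page whose links were rewritten to pass
// through one intermediary host. Assumption: each real URL is wrapped inside
// the relay's path or query string.
const ABSOLUTE_URL = /https?:\/\/[^\s"'<>]+/i;

// Return the absolute URL hidden in a link's path or query string, if any.
function embeddedUrl(link) {
  let rest = link.pathname + link.search;
  try { rest = decodeURIComponent(rest); } catch (_) { /* keep the raw text */ }
  const match = rest.match(ABSOLUTE_URL);
  if (!match) return null;
  try { return new URL(match[0]); } catch (_) { return null; }
}

// Report the host that wraps the most links and whether it dominates the page.
function auditLinks(hrefs, pageUrl, threshold = 0.8) {
  const byHost = new Map();
  let total = 0;
  for (const href of hrefs) {
    let link;
    try { link = new URL(href, pageUrl); } catch (_) { continue; }
    if (link.protocol !== "http:" && link.protocol !== "https:") continue;
    total += 1;
    const inner = embeddedUrl(link);
    if (!inner || inner.hostname === link.hostname) continue;
    const hits = byHost.get(link.hostname) || [];
    hits.push({ href: link.href, hiddenHost: inner.hostname });
    byHost.set(link.hostname, hits);
  }
  let relayHost = null, wrapped = [];
  for (const [host, hits] of byHost) {
    if (hits.length > wrapped.length) { relayHost = host; wrapped = hits; }
  }
  const ratio = total ? wrapped.length / total : 0;
  return { relayHost, wrapped, ratio, suspicious: ratio >= threshold };
}

// Constructed sample inputs (all hosts are reserved .example names).
const rewrittenPage = [
  "http://relay.example/http://www.bank.example/login",
  "http://relay.example/http://www.bank.example/accounts",
  "http://relay.example/http://news.example/today",
  "/go?u=https%3A%2F%2Fshop.example%2Fcart",
];
const ordinaryPage = [
  "https://www.bank.example/login", "/accounts", "https://help.bank.example/faq",
  "https://social.example/share?u=https%3A%2F%2Fwww.bank.example%2F",
  "mailto:support@bank.example",
];
```

The ordinary page contains one share link that embeds a URL, which is why the check looks at the proportion of wrapped links rather than flagging any single one.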