Spoofing Rafael Sabino 10/28/2004. Introduction What is spoofing? Context and Security relevant...
-
date post
22-Dec-2015 -
Category
Documents
-
view
224 -
download
1
Transcript of Spoofing Rafael Sabino 10/28/2004. Introduction What is spoofing? Context and Security relevant...
![Page 1: Spoofing Rafael Sabino 10/28/2004. Introduction What is spoofing? Context and Security relevant decisions Phishing Web spoofing Remedies.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649d785503460f94a5ab93/html5/thumbnails/1.jpg)
Spoofing
Rafael Sabino10/28/2004
![Page 2: Spoofing Rafael Sabino 10/28/2004. Introduction What is spoofing? Context and Security relevant decisions Phishing Web spoofing Remedies.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649d785503460f94a5ab93/html5/thumbnails/2.jpg)
Introduction
• What is spoofing?• Context and Security
relevant decisions• Phishing• Web spoofing• Remedies
![Page 3: Spoofing Rafael Sabino 10/28/2004. Introduction What is spoofing? Context and Security relevant decisions Phishing Web spoofing Remedies.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649d785503460f94a5ab93/html5/thumbnails/3.jpg)
What is Spoofing?
• Dictionary.com definitions:
– To deceive– A hoax
![Page 4: Spoofing Rafael Sabino 10/28/2004. Introduction What is spoofing? Context and Security relevant decisions Phishing Web spoofing Remedies.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649d785503460f94a5ab93/html5/thumbnails/4.jpg)
Security Relevant Decisions
• Decisions that can lead to undesirable results
• Examples
• Accepting data as being true and accurate
![Page 5: Spoofing Rafael Sabino 10/28/2004. Introduction What is spoofing? Context and Security relevant decisions Phishing Web spoofing Remedies.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649d785503460f94a5ab93/html5/thumbnails/5.jpg)
Context
• The browser, text, and pictures
• Names of objects
• Timing of events
![Page 6: Spoofing Rafael Sabino 10/28/2004. Introduction What is spoofing? Context and Security relevant decisions Phishing Web spoofing Remedies.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649d785503460f94a5ab93/html5/thumbnails/6.jpg)
Context Spoofing (Examples)
• http://www.antiphishing.org/phishing_archive.html
![Page 7: Spoofing Rafael Sabino 10/28/2004. Introduction What is spoofing? Context and Security relevant decisions Phishing Web spoofing Remedies.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649d785503460f94a5ab93/html5/thumbnails/7.jpg)
Context Spoofing
• Spoofed emails have upwards of 20% success rates
• Costs billions of dollars to the industry
• Brand names attacked:
7. Bestbuy8. Microsoft MSN9. FBI
1. Citigroup2. Wachovia3. Bank of America4. Yahoo!5. Ebay6. Paypal
![Page 8: Spoofing Rafael Sabino 10/28/2004. Introduction What is spoofing? Context and Security relevant decisions Phishing Web spoofing Remedies.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649d785503460f94a5ab93/html5/thumbnails/8.jpg)
Consequences
• Unauthorized Surveillance
• Tampering
• Identity theft
![Page 9: Spoofing Rafael Sabino 10/28/2004. Introduction What is spoofing? Context and Security relevant decisions Phishing Web spoofing Remedies.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649d785503460f94a5ab93/html5/thumbnails/9.jpg)
What is Web Spoofing?
• Creating a shadow copy of the world wide web
• Shadow copy is funneled through attackers machine
• Data tampering
![Page 10: Spoofing Rafael Sabino 10/28/2004. Introduction What is spoofing? Context and Security relevant decisions Phishing Web spoofing Remedies.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649d785503460f94a5ab93/html5/thumbnails/10.jpg)
Web Spoofing Attack
• The physical world can also be spoofed
• Security relevant decisions and context
![Page 11: Spoofing Rafael Sabino 10/28/2004. Introduction What is spoofing? Context and Security relevant decisions Phishing Web spoofing Remedies.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649d785503460f94a5ab93/html5/thumbnails/11.jpg)
How does the Attack Work?
• Step : 1 Rewriting the URL:
• Example:– home.netscape.com– www.attacker.com/http://
home.netscape.com
![Page 12: Spoofing Rafael Sabino 10/28/2004. Introduction What is spoofing? Context and Security relevant decisions Phishing Web spoofing Remedies.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649d785503460f94a5ab93/html5/thumbnails/12.jpg)
How does the Attack Work?
1. Request Spoof URL
www.attacker.org
www.server.com
2. Request real URL
3. Real Page
contents
4. Change page
5. Spoofed page
![Page 13: Spoofing Rafael Sabino 10/28/2004. Introduction What is spoofing? Context and Security relevant decisions Phishing Web spoofing Remedies.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649d785503460f94a5ab93/html5/thumbnails/13.jpg)
How does the Attack Work?
• Once attacker server obtains the real URL, it modifies all links
• Rewritten page is provided to victim’s browser
• This funnels all information• Is it possible to spoof the
whole web?
![Page 14: Spoofing Rafael Sabino 10/28/2004. Introduction What is spoofing? Context and Security relevant decisions Phishing Web spoofing Remedies.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649d785503460f94a5ab93/html5/thumbnails/14.jpg)
Forms
• Submitted data goes to the attackers server
• Allows for tampering
• Attacker can also modify returned data
![Page 15: Spoofing Rafael Sabino 10/28/2004. Introduction What is spoofing? Context and Security relevant decisions Phishing Web spoofing Remedies.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649d785503460f94a5ab93/html5/thumbnails/15.jpg)
“Secure” Connections
• Everything will work the same
• Secure connection indicator will be turned on
• Secure connection is with attacker’s server
• “Secure” connections are a false sense of security
![Page 16: Spoofing Rafael Sabino 10/28/2004. Introduction What is spoofing? Context and Security relevant decisions Phishing Web spoofing Remedies.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649d785503460f94a5ab93/html5/thumbnails/16.jpg)
Starting the Attack
• Put links in popular places
• Emails
• Search Engines
![Page 17: Spoofing Rafael Sabino 10/28/2004. Introduction What is spoofing? Context and Security relevant decisions Phishing Web spoofing Remedies.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649d785503460f94a5ab93/html5/thumbnails/17.jpg)
Completing the Illusion
• There are cues that can destroy the illusion:– Status line– Location line– Viewing document source
• These can be virtually eliminated
![Page 18: Spoofing Rafael Sabino 10/28/2004. Introduction What is spoofing? Context and Security relevant decisions Phishing Web spoofing Remedies.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649d785503460f94a5ab93/html5/thumbnails/18.jpg)
Status Line
• Displays URL links points to
• Displays name of server being contacted
• JavaScript is the solution
![Page 19: Spoofing Rafael Sabino 10/28/2004. Introduction What is spoofing? Context and Security relevant decisions Phishing Web spoofing Remedies.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649d785503460f94a5ab93/html5/thumbnails/19.jpg)
Location Line
• Displays URL of current page
• User can type in any URL
• JavaScript is the solution
![Page 20: Spoofing Rafael Sabino 10/28/2004. Introduction What is spoofing? Context and Security relevant decisions Phishing Web spoofing Remedies.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649d785503460f94a5ab93/html5/thumbnails/20.jpg)
Viewing Document Source
• Menu bar allows user to see pages’ source
• JavaScript can be used to create a fake menu bar
![Page 21: Spoofing Rafael Sabino 10/28/2004. Introduction What is spoofing? Context and Security relevant decisions Phishing Web spoofing Remedies.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649d785503460f94a5ab93/html5/thumbnails/21.jpg)
Tracing the Attacker
• Is possible if attacker uses his/her own machine
• Stolen computers are used to launch attacks
• Hacked computers are used as well
![Page 22: Spoofing Rafael Sabino 10/28/2004. Introduction What is spoofing? Context and Security relevant decisions Phishing Web spoofing Remedies.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649d785503460f94a5ab93/html5/thumbnails/22.jpg)
What can we do?
• Short term solution:– JavaScript– Location line is visible– Pay attention to location line
• Be selective with your features
![Page 23: Spoofing Rafael Sabino 10/28/2004. Introduction What is spoofing? Context and Security relevant decisions Phishing Web spoofing Remedies.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649d785503460f94a5ab93/html5/thumbnails/23.jpg)
What can we do?
• Do not reply to or click on a link that will lead you to a webpage asking you for info.
• Look for the presence of a padlock and https://. Both most be present for a connection to be secure
• Keep up with updates
![Page 24: Spoofing Rafael Sabino 10/28/2004. Introduction What is spoofing? Context and Security relevant decisions Phishing Web spoofing Remedies.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649d785503460f94a5ab93/html5/thumbnails/24.jpg)
What can we do?
• Check your bank / credit card statements
• To report suspicious activity, send email to Federal Trade Commision: [email protected]
• If you are a victim, file a complaint at www.ftc.gov
![Page 25: Spoofing Rafael Sabino 10/28/2004. Introduction What is spoofing? Context and Security relevant decisions Phishing Web spoofing Remedies.](https://reader036.fdocuments.us/reader036/viewer/2022062516/56649d785503460f94a5ab93/html5/thumbnails/25.jpg)
Resources
• www.antiphishing.com
• http://www.cs.princeton.edu/sip/pub/spoofing.html
• Gary McGraw and Edward W. Felten. Java Security: Hostile Applets, Holes and Antidotes. John Wiley and Sons, New York, 1996.