We discuss in this seminars an Internet security attack that could endanger the privacy of World Wide Web users and the integrity of their data. The attack can be carried out on todayâ„¢s systems, endangering users of the most common Web browsers, including Netscape Navigator and Microsoft Internet Explorer.
Web spoofing allows an attacker to create a shadow copy of the entire World Wide Web. Accesses to the shadow Web are funneled through the attackerâ„¢s machine, allowing the attacker to monitor all of the victimâ„¢s activities including any passwords or account numbers the victim enters.
The attacker can also cause false or misleading data to be sent to Web servers in the victimâ„¢s name, or to the victim in the name of any Web server. In short, the attacker observes and controls everything the victim does on the Web.
I have implemented a demonstration version of this attack.
In a spoofing attack, the attacker creates misleading context in order to trick the victim into making an inappropriate security-relevant decision.
A spoofing attack is like a con game: the attacker sets up a false but convincing world around the victim. The victim does something that would be appropriate if the false world were real. Unfortunately, activities that seem reasonable in the false world may have disastrous effects in the real world.
Spoofing attacks are possible in the physical world as well as the electronic one. For example, there have been several incidents in which criminals set up bogus automated-teller machines, typically in the public areas of shopping malls. The machines would accept ATM cards and ask the person to enter their PIN code. Once the machine had the victimâ„¢s PIN, it could either eat the card or malfunction and return the card. In either case, the criminals had enough information to copy the victimâ„¢s card and use the duplicate. In these attacks, people were fooled by the context they saw: the location of the machines, their size and weight, the way they were decorated, and the appearance of their electronic displays.
People using computer systems often make security-relevant decisions based on contextual cues they see. For example, you might decide to type in your bank account number because you believe you are visiting your bankâ„¢s Web page. This belief might arise because the page has a familiar look, because the bankâ„¢s URL appears in the browserâ„¢s location line, or for some other reason.To appreciate the range and severity of possible spoofing attacks, we must look more deeply into two parts of the definition of spoofing: security-relevant decisions and context.
By security-relevant decision, we mean any decision a person makes that might lead to undesirable results such as a breach of privacy or unauthorized tampering with data. Deciding to divulge sensitive information, for example by typing in a password or account number, is one example of a security-relevant decision. Choosing to accept a downloaded document is a security-relevant decision, since in many cases a downloaded document is capable of containing malicious elements that harm the person receiving the document.
Even the decision to accept the accuracy of information displayed by your computer can be security-relevant. For example, if you decide to buy a stock based on information you get from an online stock ticker, you are trusting that the information provided by the ticker is correct. If somebody could present you with incorrect stock prices, they might cause you to engage in a transaction that you would not have otherwise made, and this could cost you money.
A browser presents many types of context that users might rely on to make decisions. The text and pictures on a Web page might give some impression about where the page came from; for example, the presence of a corporate logo implies that the page originated at a certain corporation. The appearance of an object might convey a certain impression; for example, neon green text on a purple background probably came from Wired magazine. You might think youâ„¢re dealing with a popup window when what you are seeing is really just a rectangle with a border and a color different from the surrounding parts of the screen. Particular graphical items like file-open dialog boxes are immediately recognized as having a certain purpose. Experienced Web users react to such cues in the same way that experienced drivers react to stop signs without reading them.The names of objects can convey context. People often deduce what is in a file by its name. Is manual.doc the text of a user manual? (It might be another kind of document, or it might not be a document at all.) URLs are another example. Is MICR0S0FT.COM the address of a large software company? (For a while that address pointed to someone else entirely. By the way, the round symbols in MICR0S0FT here are the number zero, not the letter O.)
People often get context from the timing of events. If two things happen at the same time, you naturally think they are related. If you click over to your bankâ„¢s page and a username/password dialog box appears, you naturally assume that you should type the name and password that you use for the bank. If you click on a link and a document immediately starts downloading, you assume that the document came from the site whose link you clicked on. Either assumption could be wrong.If you only see one browser window when an event occurs, you might not realize that the event was caused by another window hiding behind the visible one.
Modern user-interface designers spend their time trying to devise contextual cues that will guide people to behave appropriately, even if they do not explicitly notice the cues. While this is usually beneficial, it can become dangerous when people are accustomed to relying on context that is not always correct.
TCP and DNS Spoofing
Another class of spoofing attack, which we will not discuss here, tricks the userâ„¢s software into an inappropriate action by presenting misleading information to that software. Examples of such attacks include TCP spoofing, in which Internet packets are sent with forged return addresses, and DNS spoofing , in which the attacker forges information about which machine names correspond to which network addresses. These other spoofing attacks are well known, so we will not discuss them further.
TYPES OF SPOOFING
Â¢ IP SPOOFING
Â¢ EMAIL SPOOFING
Â¢ WEB SPOOFING
Download The Full Presentation