
Communication Security: Web Based Services • Chapter 5  273

the fact that SSL does not verify hyperlinks that the user follows, so if a user gets to a site by following a link, they can be sent to a spoofed site that appears to be a legitimate site.



NOTE
Later versions of browser software have been modified to make Web spoofing more difficult. However, many people are still using IE or Netscape version 3, both of which are highly vulnerable to this type of attack. For more technical details about Web and hyperlink spoofing, see the paper by Frank O'Dwyer at www.brd.ie/papers/sslpaper/sslpaper.html and the paper by Felten, Balfanz, Dean, and Wallach at www.cs.princeton.edu/sip/pub/spoofing.pdf.




Web spoofing is a high-tech form of con artistry, and is also often referred to as phishing. The point of the scam is to fool users into giving confidential information such as credit card numbers, bank account numbers, or Social Security numbers to an entity that the user thinks is legitimate, and then using that information for criminal purposes such as identity theft or credit card fraud. The only difference between this and the "real-world" con artist who knocks on a victim's door and pretends to be from the bank, requiring account information, is in the technology used to pull it off.
There are clues that will tip off an observant victim that a Web site is not what it appears to be, such as the URL or status line of the browser. However, an attacker can use JavaScript to cover their tracks by modifying these elements. An attacker can even go so far as to use JavaScript to replace the browser's menu bar with one that looks the same but replaces functions that provide clues to the invalidity of the page, such as the display of the page's source code.
Newer versions of Web browsers have been modified to make Web spoofing more difficult. For example, prior to version 4 of Netscape and IE, both were highly vulnerable to this type of attack. A common method of spoofing URLs involved exploiting the ways in which browsers read addresses entered into the address field. For example, anything on the left side of an @ sign in a URL would be ignored, and the % sign is ignored. Additionally, URLs do not have to be in the familiar format of a DNS name (such as www.syngress.com); they are also recognized when entered as an IP address in decimal format (such as 216.238.8.44), hexadecimal format (such as D8.EE.8.2C), or in Unicode. Thus, a spoofer can send an
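As an added example (not code from the book), the following Python script applies the URL-reading quirks the paragraph above describes the way a mail filter or proxy might when it checks a link before a user follows it: it uses the standard-library urlsplit to separate any text in front of an @ sign from the real host, rewrites IP addresses given as dotted hex or as a single 32-bit number into dotted decimal, and flags non-ASCII (Unicode) host names. The sample URLs are constructed; the address 216.238.8.44 is the one the text quotes, and accepting the bare hex form D8.EE.8.2C in addition to the 0x-prefixed form is an assumption of this example.

```python
"""Spot the URL-reading tricks described in the text (illustrative example).

Findings come back as (code, detail) tuples so a log processor, proxy filter
or awareness-training tool can act on them or show the user the real host.
"""
import re
from urllib.parse import urlsplit

_DEC_OCTET = r"(?:25[0-5]|2[0-4]\d|1?\d?\d)"
DOTTED_DECIMAL = re.compile(rf"^{_DEC_OCTET}(?:\.{_DEC_OCTET}){{3}}$")
# Hex octets with the 0x prefix (0xD8.0xEE.0x8.0x2C) and the bare form the
# text quotes (D8.EE.8.2C). Accepting the bare form is an assumption here.
DOTTED_HEX = re.compile(r"^(?:0x)?[0-9a-f]{1,2}(?:\.(?:0x)?[0-9a-f]{1,2}){3}$", re.I)
# A whole address as one number, decimal or hex (e.g. 3639478316 or 0xD8EE082C).
SINGLE_NUMBER = re.compile(r"^(?:0x[0-9a-f]+|\d+)$", re.I)


def normalize_ipv4_host(host: str):
    """Return the dotted-decimal form of an IPv4 host written as dotted decimal,
    dotted hex or a single 32-bit number; None if the host is not IPv4-like."""
    if DOTTED_DECIMAL.match(host):
        return host
    if DOTTED_HEX.match(host):
        # int(..., 16) accepts an optional 0x prefix, so both spellings work.
        octets = [int(part, 16) for part in host.split(".")]
        return ".".join(str(o) for o in octets)
    if SINGLE_NUMBER.match(host):
        value = int(host, 16) if host.lower().startswith("0x") else int(host)
        if 0 <= value <= 0xFFFFFFFF:
            return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))
    return None


def analyze_url(url: str):
    """Split a URL and report the features the text lists as spoofing aids."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    findings = []
    if parts.username is not None:
        # Everything before '@' is userinfo, not the site; old browsers ignored it.
        findings.append(("userinfo", f"text before '@' ({parts.username!r}) is not the host"))
    if "%" in parts.netloc:
        findings.append(("percent_encoding", "percent-encoded characters in the authority part"))
    numeric = normalize_ipv4_host(host)
    if numeric is not None:
        findings.append(("numeric_host", f"host {host!r} is the IP address {numeric}"))
    if not host.isascii():
        try:
            idna = host.encode("idna").decode("ascii")
        except UnicodeError:
            idna = "(not encodable)"
        findings.append(("non_ascii_host", f"host has non-ASCII characters; IDNA form {idna}"))
    return {"effective_host": numeric or host, "findings": findings}


# Constructed sample links, the kind a filter would see in incoming mail.
SAMPLE_URLS = [
    "https://www.syngress.com/",
    "http://www.syngress.com@216.238.8.44/login",
    "http://0xD8.0xEE.0x8.0x2C/login",
    "http://3639478316/login",
    "http://syngr\u0435ss.com/",  # Cyrillic 'е' in place of Latin 'e'
]


def sample_report():
    """Map each sample URL to the host the browser would actually contact."""
    return {url: analyze_url(url)["effective_host"] for url in SAMPLE_URLS}


if __name__ == "__main__":
    for url in SAMPLE_URLS:
        result = analyze_url(url)
        print(f"{url}\n  effective host: {result['effective_host']}")
        for code, detail in result["findings"]:
            print(f"  [{code}] {detail}")
```

The effective host is what a defender should show a user or match against a blocklist; the raw string is what the spoofer wants them to read.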


