Welcome
Arachne's Web
A group focused on serving the AW community by providing help and discussion on topics such as HTML, CSS, web design, homesite decorating, netiquette and issues important to web artists.
Systems & Security (- threads, 1000 posts)
    Glossary (6 posts)
    Social Thread

    ...
    1 Member has made 4 Posts here to date.
    Google
    AncientWorlds.net Web
    Next:
    Prev: Worm
    Spoofing
    thoth.gif
    Author: * Sankhkare Thutmose - 4 Posts on this thread out of 1,036 Posts sitewide.
    Date: Feb 5, 2004 - 14:55

    Term: Spoofing

    Definition:     a particularly nasty computer attack in which the attacker creates misleading communications in order to trick the victim into revealing sensitive information (such as passwords, credit card numbers, etc.)

    Warning: This type of attack is not prevented by SSL (secure socket layer) connections, and the end user sees no indications that anything is wrong. However, the secure page that has been presented may have come from a "middle man" who is intercepting and/or re-routing the traffic to and from the end user and the intended recipient of the information.

    Description: There are mutiple kinds of spoofing attacks (some not even related to the computer), but we're going to limit ourselves to web-spoofing. Web-spoofing is an electronic con-game in which the attacker creates a convincing, but fake "copy" of the World Wide Web. This sounds impossible, but the attacker doesn't need to recreate the entire web, all he needs to do is insert himself between the user and the web. By controlling the traffic flow between the two, he can intercept any information the user sends to a legitimate website. The attack is facilitated when a user visits a malicious webpage or receives an email (with an HTML-enabled email client) that infects the user's computer.

    Scenario: Let's discuss logging into AncientWorlds as an example. You, the user, click the Login link on your homepage and are presented with what looks to you like AncientWorlds' login screen. In fact what you have been given is a page that LOOKS like AW but is controlled by your arch-enemy Dr. Moriarity. Unknowing, you type in your username and password. Moriarity collects that information and then passes your request on to the legitimate site. You get logged in you chat, you post, you redesign your homepage, you never know that he has this information. Okay, not THAT big a deal, unless he posts ugly things that make you look bad to the other citizens...but, consider if you had asked for the check-out page at amazon.com.

    The Bad News: At present all the major browsers are susceptible to spoofing attacks and there appears to be no movement to find a solution to the problem. Therefore, no e-commerce is 100% safe. Users should be aware of this and do what they can to protect themselves or at least limit their liability in the event of attack.


    NEXT:
    PREV: Worm
Rome - Rome, Season 1 - The Stolen Eagle


Copyright 2002-2011 AncientWorlds LLC | Code of Conduct and Terms of Service | Contact Us! | The AncientWorlds Staff