  • Level: GCSE
  • Subject: ICT
  • Word count: 7991

What is Spoofing?


Shumaila Aslam
Information Security
BSc Combined Honours Computer Science

Spoofing

Spoofing: E-mail, server..... How it is done, how it is detected, how to defend against it.

What is Spoofing?

Definition

spoof (DECEIVE) verb [I or T] US INFORMAL
to try to make someone believe in something that is not true, as a joke
(from Cambridge Advanced Learner's Dictionary)

Web spoofing is the act of secretly tricking your Web browser into talking to a different Web server than you intend. How? By attacking the DNS (domain name system) that maps the "www.site.com" in a URL to a network address, or by modifying a Web page to have a bad URL, or by tricking your browser as it interprets CGI data, JavaScript, etc. After your browser has been fooled, the spoofed Web server can send you fake Web pages or prompt you to provide personal information such as your login ID, password, or even credit card or bank account numbers. If done carefully, you probably will not even notice that you have been duped.

How to Spot a Spoofed Page

Some Web spoofing may be noticeable, so it is helpful to keep these tips in mind:

* If you hold your mouse over a URL that is a link, the status line displays the corresponding URL. Be suspicious if the status line URL is different from what you think you should see.
* When the Web page is being requested, the status line will show the name of the server. Beware if the server name is different from what you expected.
* Your browser's location line is the place to watch for anything unusual about a site's URL.

Unfortunately, clues to a Web spoofing attack can be hidden if the attacker is using JavaScript (which can write to the status line and rewrite location line URLs) or a similar program that makes all requests for a particular URL go to the attacker's system.
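The first tip above can be automated when reviewing a saved page. The following is an added example, not part of the original essay: it flags links whose visible text names one host while the href points to another, and links that carry an onmouseover handler. The sample HTML is constructed; `other-host.example` and the `setStatus()` handler are hypothetical placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Link text that itself looks like a URL or host name, e.g. "www.site.com".
HOST_RE = re.compile(r"^(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

# Constructed sample page; other-host.example and setStatus() are placeholders.
SAMPLE = (
    '<a href="http://www.site.com/login">www.site.com</a>\n'
    '<a href="http://other-host.example/www.site.com/login">http://www.site.com/login</a>\n'
    '<a href="http://other-host.example/" onmouseover="setStatus()">Sign in</a>\n'
)

class LinkCollector(HTMLParser):
    """Record visible text, href and onmouseover presence for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._cur = [], None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            a = dict(attrs)
            self._cur = {"href": a.get("href") or "", "text": "", "js": "onmouseover" in a}

    def handle_data(self, data):
        if self._cur is not None:
            self._cur["text"] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._cur is not None:
            self.links.append(self._cur)
            self._cur = None

def audit(html):
    """Return (link text, real target host, reason) for each suspicious link."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for link in parser.links:
        text = link["text"].strip()
        target = (urlsplit(link["href"]).hostname or "").lower()
        shown = HOST_RE.match(text)
        if shown and target and shown.group(1).lower() != target:
            findings.append((text, target, "link text names a different host"))
        if link["js"]:
            findings.append((text, target, "onmouseover handler can alter the status line"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```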


Acknowledgments

The URL-rewriting part of our demonstration program is based on Henry Minsky's code for the Zippy filter. We are grateful to David Hopwood for useful discussions about spoofing attacks, and to Gary McGraw and Laura Felten for comments on drafts of this paper. The figure was designed by Gary McGraw.

For More Information

More information is available from our Web page at http://www.cs.princeton.edu/sip, or from Prof. Edward Felten at felten@cs.princeton.edu or (609) 258-5906.

webhead: Inside the Internet.

E-Mail Impersonators
How to identify "spoofed" e-mail.
By Bill Barnes
Posted Tuesday, March 12, 2002, at 4:46 PM PT

Editor's note: To read the complete explanation of how Slate was duped by an e-mail spoofer, see this "Press Box" column.

After my wife cast her ballot on the morning of Election Day 1996, she arrived at work to find an e-mail from none other than the president of the United States (president@whitehouse.gov). He thanked her for her vote and promised to address her hot-button issues of education and women's rights. She was a little disturbed, but as it turned out the sanctity of her secret ballot hadn't been compromised. Someone (her husband) had merely sent her a spoofed e-mail.

E-mail is considered "spoofed" when the e-mail address in the "From" field is not that of the sender.
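The definition above suggests a simple header check, shown here as an added example that is not part of the original article: compare the domain in "From" with the domains in Return-Path (the envelope sender recorded at delivery) and Reply-To. Both sample messages are constructed, and `home.example` and `work.example` are placeholder domains.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed message: the From line is whatever the sender typed, while
# Return-Path is recorded by the receiving server from the SMTP envelope.
SPOOFED = (
    "Return-Path: <husband@home.example>\n"
    "Received: from home.example by mail.work.example; Tue, 5 Nov 1996 09:00:00 -0800\n"
    "From: President <president@whitehouse.gov>\n"
    "Reply-To: husband@home.example\n"
    "To: wife@work.example\n"
    "Subject: Thank you for your vote\n"
    "\n"
    "Body text.\n"
)
# Same message with an honest From line, for comparison.
GENUINE = SPOOFED.replace("President <president@whitehouse.gov>", "husband@home.example")

def domain(addr):
    """Return the lower-cased part after the last '@'."""
    return addr.rpartition("@")[2].lower()

def from_mismatches(raw):
    """List the ways the From header disagrees with other sender headers."""
    msg = message_from_string(raw)
    display, sender = parseaddr(msg.get("From", ""))
    findings = []
    for header in ("Return-Path", "Reply-To"):
        _, other = parseaddr(msg.get(header, ""))
        if other and domain(other) != domain(sender):
            findings.append(f"{header} domain {domain(other)} != From domain {domain(sender)}")
    # A display name that is itself an address can hide the real From address.
    if "@" in display and domain(display) != domain(sender):
        findings.append("display name shows a different address than From")
    return findings

if __name__ == "__main__":
    print(from_mismatches(SPOOFED))
    print(from_mismatches(GENUINE))
```

Mailing lists and bulk-mail services legitimately produce the same mismatch, so a finding is a reason to read the full headers rather than proof of spoofing.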


they will remain so.

The best way forwards

A change is needed to move from relying on networking systems that don't solve the problem to content management - signing and protecting the actual information itself and not just the unproven link(s) it is traveling over. That prevents all the typical network IP attacks from having any effect, and provides genuine control over the information itself.

A change to securing content, rather than links, offers the e-business community significant benefits. For e-business, there is an imperative for the honest trader to identify themselves by clearly identifying their content. (How you link to them is then actually irrelevant.) That way all their users can verify any content reaching them, and rely upon what that content is, regardless of how it got to them. The same would go for instructions to computer systems, services and networks.

By switching to that approach, the business community can achieve major trading benefits: certainty that the quality of their information can be proven; certainty of secure trade for them and their customers; certainty of privacy for them and their customers; certainty that payment details cannot be misused. Conversely, traders not following such an approach identify themselves as leaving their customers open to fraud, misrepresentation, uncertainty and lack of confidence. Right now schemes to separate the good from the bad have little effect.

ArticSoft have provided some novel steps in the direction of proof by content rather than proof by network connection. For Internet technologies this is a more pragmatic way to proceed because content may reside anywhere on the Internet. It also allows for protecting information that is confidential by much simpler methods than are offered by network-based solutions.

Such a change faces significant opposition, not least from the network providers, network analysts and managers, who risk being relegated to a lower status (and relative income) as a result. In practice, with the tools available, they have done the best job that could be done. Unfortunately, scripting attacks and cookbook hacking methods are making those methods more vulnerable, and a change in approach is needed moving forwards.
