[3949] in WWW Security List Archive
"Web spoofing" paper by Princeton team (fwd)
daemon@ATHENA.MIT.EDU (Prentiss Riddle)
Fri Jan 10 20:59:20 1997
From: Prentiss Riddle <riddle@is.rice.edu>
To: www-security@ns2.rutgers.edu
Date: Fri, 10 Jan 1997 17:21:42 -0600 (CST)
Errors-To: owner-www-security@ns2.rutgers.edu

Forwarded from Edupage (http://www.educom.edu/web/pubs/edupage.html),
9 January 1997:
| WEB SPOOFING IS NO JOKE
| Researchers at Princeton University have released a paper documenting ways
| that nefarious crackers could dupe unwitting Web browsers into divulging
| personal information, such as bank personal identification numbers or credit
| card numbers. One way to do this is to break into a legitimate Web server
| and alter the links to other sites, so that when users click to transfer,
| they're actually transported to the cracker's computer where the virtual
| hijacker can watch every move they make (such as entering credit card info
| when prompted). The researchers suggest that Web surfers take the following
| precautions: disabling JavaScript in their Web browsing software; keeping
| an eye on the software's location line, to ensure they know where they are;
| and paying close attention to the addresses they visit. (Chronicle of
| Higher Education 10 Jan 97 A25)
| < http://www.cs.princeton.edu/sip/pub/spoofing.html >

-- Prentiss Riddle ("aprendiz de todo, maestro de nada") riddle@rice.edu
-- RiceInfo Administrator, Rice University / http://is.rice.edu/~riddle
-- Home office: 2002-A Guadalupe St. #285, Austin, TX 78705 / 512-323-0708