[4634] in WWW Security List Archive


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Regarding Web Spoofing

daemon@ATHENA.MIT.EDU (David M. Chess)
Mon Mar 3 13:30:38 1997

Date: Mon, 3 Mar 97 11:02:01 EST
From: "David M. Chess" <CHESS@watson.ibm.com>
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu

> From: "Swarup Biswas" <swarup@pc.jaring.my>

> One of the ways to detect if the web is a spoofed one , is by its
> URL so I just wanted to know is there any way one can hide some
> characters appearing and URL when the spoofed page is invoked?

Read the original Felten et. al. paper:

  http://www.cs.princeton.edu/sip/pub/spoofing.html

It talks about various ways to hide or forge the URL that's
displayed to the user.  Various Web browsers allow pages to
change all *sorts* of stuff about what the user sees, via
JavaScript and so on.

- -- -
David M. Chess                  |  Two: one to change the lightbulb, and
High Integrity Computing Lab    |    one to fill the bathtub with
IBM Watson Research             |    brightly-colored machine tools


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[4634] in WWW Security List Archive

Re: Regarding Web Spoofing

daemon@ATHENA.MIT.EDU (David M. Chess)Mon Mar 3 13:30:38 1997

daemon@ATHENA.MIT.EDU (David M. Chess)
Mon Mar 3 13:30:38 1997