Author
Edward W. Felten, Dirk Balfanz, Drew Dean, Dan S. Wallach
Abstract
This paper describes an Internet security attack that could endanger the
privacy of World Wide Web users and the integrity of their data. The attack
can be carried out on today's systems, endangering users of the most common
Web browsers, including Netscape Navigator and Microsoft Internet Explorer.
Web spoofing allows an attacker to create a "shadow copy" of the entire
World Wide Web. Accesses to the shadow Web are funneled through the
attacker's machine, allowing the attacker to monitor all of the victim's
activities, including any passwords or account numbers the victim enters.
The attacker can also cause false or misleading data to be sent to Web
servers in the victim's name, or to the victim in the name of any Web server.
In short, the attacker observes and controls everything the victim does on
the Web.
We have implemented a demonstration version of this attack.