The Safe Internet Programming group at the Princeton University Department of Computer Science in 1996 published a paper on the practice known as "web spoofing," through which an attacker intervenes between an end-user browsing the Web and real Web sites. The attacker sets up a shadow copy of the Web, and as users request pages from sites they will receive pages from the attacker's site instead. This process also enables attackers to gather data (possibly credit card numbers, etc.) submitted through bogus web forms. The nine-page paper describes how the con game works and suggests remedies. The article is available in PostScript, compressed PostScript, Microsoft Word, and zipped Microsoft Word format. Unfortunately, it is not available online as HTML.
Comments