19.12.2012 Views

IT Baseline Protection Manual - The Information Warfare Site


Threats Catalogue Deliberate Acts Remarks

T 5.87 Web spoofing

Web spoofing involves perpetrators "forging" WWW servers, that is to say, they set up their WWW server to pretend that it is a particular, reliable WWW server. This is done by choosing a WWW address in such a way that many users assume they are connected to a particular institution just from the choice of address. Even if the correct computer name is used, Web spoofing is possible if perpetrators use DNS spoofing (see G 5.78 DNS-Spoofing).

Example:

- It is not the official homepage of the White House which is found under the address www.whitehouse.com but that of a prankster.

- The XY bank has the WWW address www.xy-bank.de. Perpetrators can set up WWW sites under www.xybank.de or www.xy-bank.com which at first glance appear to be those of the XY bank. They then enter the addresses in various search engines, choosing keywords that XY customers may well search for.

Users who call up these sites will assume that they are communicating with the WWW server of their bank. They are therefore willing to enter their account number and PIN or other access codes. They may also read offers there which interest them but are false, such as profitable investments or property offers which they would like to accept. If the bank cannot make these offers under these conditions or cannot make them at all, the customers are at best dissatisfied and at worst, it can end in legal disputes.
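A defender can check hostnames seen in proxy logs or registration feeds against the institution's real address, as in this added example (not part of the manual). It covers the two variants named above, a dropped hyphen and a different top-level domain, and generalizes to one-character typos; the function names and the sample list are assumptions made for illustration.

```python
OFFICIAL = "www.xy-bank.de"  # the example bank's address from the text above
# Constructed sample: hostnames as they might appear in proxy logs
# or in a feed of newly registered domains.
OBSERVED = ["www.xy-bank.de", "www.xybank.de", "www.xy-bank.com",
            "www.xy-bamk.de", "www.example.org"]

def split_host(host):
    """Return (name, tld) for a hostname, ignoring subdomains such as 'www'.
    Assumption: single-label TLDs; 'co.uk' style suffixes need a public suffix list."""
    parts = host.lower().rstrip(".").split(".")
    return (parts[-2], parts[-1]) if len(parts) >= 2 else (parts[0], "")

def skeleton(name):
    """Drop hyphens, which a reader overlooks at first glance."""
    return name.replace("-", "")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(candidate, official=OFFICIAL):
    """Return why `candidate` could be mistaken for `official`, or None."""
    c_name, c_tld = split_host(candidate)
    o_name, o_tld = split_host(official)
    if (c_name, c_tld) == (o_name, o_tld):
        return None  # the official site itself
    if c_name == o_name:
        return "same name, different TLD"
    if skeleton(c_name) == skeleton(o_name):
        return "hyphen variant"
    if edit_distance(skeleton(c_name), skeleton(o_name)) <= 1:
        return "one-character variant"
    return None

def find_lookalikes(observed, official=OFFICIAL):
    """Map each suspicious hostname to the reason it was flagged."""
    return {h: r for h in observed if (r := classify(h, official))}

if __name__ == "__main__":
    for host, reason in find_lookalikes(OBSERVED).items():
        print(f"{host}: {reason}")
```

Name comparison does not catch the DNS spoofing case mentioned above, because the hostname the user sees there is the correct one.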

Rather than trying to manipulate or imitate an existing WWW server, perpetrators can also put their own WWW offering on the Internet and present it in such a way that each visitor has the impression of being connected to an established, serious institution.

Examples:

- Goods may be offered for the sole purpose of obtaining the credit card numbers of potential customers.

- There have been cases in which trusting customers have wanted to invest money under profitable conditions with supposed banks. They only knew of these banks via the Internet and only when the expected interest failed to arrive did they realise that it was simply a private WWW site which had in the meantime been deleted.

IT-Baseline Protection Manual: October 2000
