Spoofing
Web page spoofing
In Web page spoofing, the attacker makes you believe you are at a “safe” site when you are really at a site the attacker controls. These attacks can include altering IE’s location bar to show the wrong URL, mixing real site content with altered content, and showing the title of the page being spoofed, which makes it almost impossible to tell that you are not where you think you are.
Two vulnerabilities affect Internet Explorer, both of which could enable an attacker to spoof trusted web sites.
The first vulnerability involves how digital certificates from web servers are validated. When CRL checking for such certificates is enabled, any or all of the following checks might no longer be performed:
• Verification that the certificate has not expired
• Verification that the server name matches the name on the certificate
• Verification that the issuer of the certificate is trusted
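The three checks listed above, run independently on a certificate, as an added example (not code from the original page or from Internet Explorer). It assumes the dictionary form returned by Python's `ssl.SSLSocket.getpeercert()`; the function names, sample certificates and the `TRUSTED` set are constructed for illustration, and issuer trust is simplified to a name lookup.

```python
import ssl
import time

def name_matches(pattern, host):
    """Wildcard may replace only the entire left-most label (RFC 6125 style)."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def audit_certificate(cert, host, trusted_issuers, now=None):
    """Run all three checks on a cert in ssl.getpeercert() dict form.

    Each check runs unconditionally and is reported separately, so turning
    on an extra step such as revocation checking cannot skip another one.
    """
    now = time.time() if now is None else now
    failures = []
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        failures.append("expired")
    dns_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(name_matches(n, host) for n in dns_names):
        failures.append("name-mismatch")
    # Simplification (assumption): trust is decided by issuer common name.
    # A real validator verifies the signature chain up to a trust anchor.
    issuer = dict(rdn[0] for rdn in cert["issuer"])
    if issuer.get("commonName") not in trusted_issuers:
        failures.append("untrusted-issuer")
    return failures

# Constructed sample data, not taken from any real certificate.
TRUSTED = {"Example Root CA"}
NOW = ssl.cert_time_to_seconds("Jan  1 00:00:00 2025 GMT")
GOOD = {
    "notAfter": "Jan  1 00:00:00 2030 GMT",
    "subjectAltName": (("DNS", "*.example.com"),),
    "issuer": ((("commonName", "Example Root CA"),),),
}
BAD = {
    "notAfter": "Jan  1 00:00:00 2001 GMT",
    "subjectAltName": (("DNS", "www.lookalike.example"),),
    "issuer": ((("commonName", "Self Signed"),),),
}

if __name__ == "__main__":
    print(audit_certificate(GOOD, "www.example.com", TRUSTED, NOW))
    print(audit_certificate(BAD, "www.example.com", TRUSTED, NOW))
```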