Interface Illusions
The name for this attack is borrowed from Elias Levy. An interface
illusion is a spoofing attack in which all or part of a web page is false.
The object of the attacker is to convince the user to do something
inappropriate, for example, to enter personal banking information on a site
that is not the bank's, to click yes on a button that actually means no, or
simply to scroll the screen to activate an event that causes malicious software
to be installed on the victim's machine. Levy's excellent article gives other
examples.
The problem is that every dot of the screen is addressable. So if a genuine
interface can paint dot 17 red,
so can a malicious interface. Given that, a malicious interface can display
fake address bars, scroll bars that are not scroll bars, and even a display
that looks identical to the real thing, because it is identical in all ways the
attacker wants it to be.
Nothing here is new, of course. People diligently save copies of e-mail
messages as proof that they
received such a message when, in fact, a simple text editor will produce any
authentic-looking message you want. System pranksters like to send facetious
messages to unsuspecting users, warning that the computer is annoyed. These all
derive from the same point: There is nothing unique, no trusted path assured to
be a private and authentic communication channel directly to the user.