Browser Security

Seminar topic for Computer Science department.

Introduction

The well-known social engineering attack called phishing tricks a credulous Internet user into disclosing confidential information to the attacker, information he would normally give only to the trustworthy communication partner he believes he is communicating with. The attack leads to identity theft: the web visitor reveals his login credentials, e.g. personal identification numbers, bank account transaction numbers or credit card numbers.

In a more advanced attack the adversary subverts the Domain Name System (DNS). The attacker can force DNS to resolve a victim site's domain to an attacker-controlled IP address. This can be achieved by techniques such as DNS poisoning and DNS response forgery. Nowadays DNS can increasingly be manipulated in wireless network environments, most of which are still not properly secured.

Often a wireless LAN router can be compromised easily: either the whole software is swapped or manipulated, or only the DNS settings are changed so that they point to a DNS server the attacker owns. This attack is also known as "drive-by pharming".

In addition to these deceptive (static) pharming attacks, there is a new, stronger attack called dynamic pharming. During this kind of attack, the attacker first delivers a web document containing malicious content (e.g. JavaScript code) to the victim, and then forces the victim's browser to connect to the legitimate server in a separate window, frame, table field, etc.

The adversary waits for the victim to authenticate himself to the legitimate server, and then uses the malicious JavaScript to hijack the victim's authenticated session. Dynamic pharming can be used to compromise even the strongest web authentication schemes currently known, e.g. passwords, authentication cookies or client-side SSL. It is a special kind of DNS rebinding attack.
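
A defender's view of the rebinding step described above, as an added example that is not part of the original seminar text: a heuristic that scans resolver log records for a hostname whose answer moves to a different network within seconds under a very short TTL. The record layout, the two thresholds and all sample names and addresses are constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed resolver log records: (epoch seconds, queried name, answer IP, TTL).
# Names and addresses are documentation-range placeholders, not real indicators.
SAMPLE_LOG = [
    (1000, "bank.example", "203.0.113.7", 1),      # first answer
    (1004, "bank.example", "198.51.100.20", 1),    # different network 4 s later
    (1000, "cdn.example", "192.0.2.10", 300),
    (1400, "cdn.example", "192.0.2.11", 300),      # same /24, long TTL
    (1000, "news.example", "192.0.2.50", 300),
    (1020, "news.example", "198.51.100.99", 300),  # new network, but long TTL
]

WINDOW = 60   # assumed threshold: max seconds between the two answers
MAX_TTL = 10  # assumed threshold: TTL at or below this counts as short


def network_key(ip):
    """Coarse network of an address: /24 for IPv4, /48 for IPv6."""
    prefix = 24 if ip_address(ip).version == 4 else 48
    return str(ip_network(f"{ip}/{prefix}", strict=False))


def find_rebinding_candidates(records, window=WINDOW, max_ttl=MAX_TTL):
    """Return (name, old_ip, new_ip, seconds_apart) for suspicious answer changes."""
    by_name = defaultdict(list)
    for ts, name, ip, ttl in records:
        by_name[name.lower().rstrip(".")].append((ts, ip, ttl))

    findings = []
    for name, answers in by_name.items():
        answers.sort()  # chronological order
        for (t0, ip0, ttl0), (t1, ip1, ttl1) in zip(answers, answers[1:]):
            moved = network_key(ip0) != network_key(ip1)
            if moved and t1 - t0 <= window and min(ttl0, ttl1) <= max_ttl:
                findings.append((name, ip0, ip1, t1 - t0))
    return findings


if __name__ == "__main__":
    for name, old, new, gap in find_rebinding_candidates(SAMPLE_LOG):
        print(f"{name}: {old} -> {new} after {gap}s (short TTL)")
```

Hits are candidates for triage rather than verdicts, since load-balanced sites can also rotate addresses quickly.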

