INDEPTH: COMPUTER SECURITY
Internet speak
CBC News Online | Feb. 18, 2005
A | B | C | D | E | F | G | H | I | J | K | L | M | N |
O | P | Q | R | S | T | U | V | W | X | Y | Z
URL spoofing
|
URL spoofing - Any technique used to disguise the address (Uniform Resource Locator) of a website, usually to make it appear as if a copy of another website is the real thing. Often used in phishing attacks. If someone wants to spoof the URL www.realbank.ca, there are several ways of doing it:
1) Using the IP address, instead of the domain name. E.g.: 159.33.3.85. Some users may ignore their browser's address bar or may be overwhelmed by the address's complexity.
2) Using an address that looks like it could be the real thing. E.g.:www.realbank-secure.ca.
3) Subtle typos. E.g.: www.raelbank.ca.
4) Substituting a letter in the real address with a look-alike. E.g.: www.reaIbank.ca, substituting the letter "l" with the number "I".
5) Using an address with a user name that looks like the address of the legitimate site. E.g. www.realbank.ca@159.33.3.85. This address will attempt to connect the user "www.realbank.ca" to the server at IP address 159.33.3.85. This will usually work even if there is no user by that name on the server. Some browsers will alert you if you try to access such an address.
|
^TOP
|
|
 |
 MENU |
|
|
| MORE: |
|
|
|
