You are here: silicon.com > Resources > White Papers > Security > Intrusion - Tampering > Denial of Service

Denial of Service White Papers

Web Spoofing: an Internet Con Game

Overview This paper describes an Internet security attack that could endanger the privacy of World Wide Web users and the integrity of their data. The attack can be carried out on today's systems, endangering users of the most common Web browsers, including Netscape Navigator and Microsoft Internet Explorer. Web spoofing allows an attacker to create a "shadow copy" of the entire World Wide Web. Accesses to the shadow Web are funneled through the attacker's machine, allowing the attacker to monitor all of the victim's activities including any passwords or account numbers the victim enters. The attacker can also cause false or misleading data to be sent to Web servers in the victim's name, or to the victim in the name of any Web server. In short, the attacker observes and controls everything the victim does on the Web. We have implemented a demonstration version of this attack.

Further White Paper Details
Publisher	Princeton University	File Format	HTML
Date Published	August 2003	Downloads	4
Format	White Papers
Topics	Denial of Service, Security Tools

Did you find this white paper useful? 2 out of 3 users found this white paper useful

SprintSecure Message Protection Fact Sheet

SprintSecure(sm) Message Protection keeps businesses safe from potential security risks due to the explosive growth of email. Read this solution brief to see how to keep your email assets...

Publisher:
Sprint

Cisco Security Advisory: Cisco IOS Secure Shell Denial of Service Vulnerabilities

The Secure Shell server (SSH) implementation in Cisco IOS contains multiple vulnerabilities that allow unauthenticated users the ability to generate a spurious memory access error or, in certain cases, reload...

Publisher:
Cisco Systems

Secure Health Monitoring Network Against Denial-of-Service Attacks Using Cognitive Intelligence

Secure and energy efficient transmission is a main concern in many wireless sensor network applications. In this paper, two types of denial-of-service attacks that affect the routing layer are analyzed...

Publisher:
Syracuse University

Tags:
monitoring systems

Combating Spam and Denial-of-Service Attacks With Trusted Puzzle Solvers

Cryptographic puzzles can be used to mitigate spam and Denial-of-Service (DoS) attacks, as well as to implement timed-release cryptography. However, existing crypto puzzles are impractical because: solving them wastes computing...

Publisher:
Dartmouth College

Tags:
network security

Is Your Anti-Spam Defense at the Top of its Game?

Spammers continue to change their spam distribution tactics in order to maximize delivery rates for their messages. As a result, educational institutions are being flooded with an increase in...

Publisher:
Proofpoint

PGP flaw turns emails into 'digital bullets'

Email messages encrypted with the Pretty Good Privacy (PGP) program can be used as 'digital bullets' to attack and take control of a victim's computer, according to security consulting firm Foundstone.

Channel:
Security Strategy

Major Microsoft security flaw exposed

By following the link returned in the message, the attacker can change the password for the victim's account. The flaw, in Passport's password recovery mechanism, allowed an attacker to change the password on any account to which the user name is...

Channel:
SOA/Web Services

The Bloor Perspective: ID theft, infrastructure modelling, new breed of consultants

One of the reasons why it has been such a problem in the US is the traditional use of social security numbers as an identifier - a piece of information that, when linked to the name and address of the individual, makes it relatively easy for a...

Channel:
IT Director

Can I be your MSN Messenger buddy? And look at your hard drive too…

The vulnerability in MSN Messenger versions 6.0 and 6.1 could let an attacker view the contents of a victim's hard drive during a chat session with the victim. If anonymous callers are blocked, the attacker has to be identified on the victim's...

Channel:
Desktops

US uni tells students to dump IE

Once the PC is compromised, the attacker could access account information, load other software and delete files. These attacks are often launched when a victim clicks on a specific web link, opening the door for criminals to take over the person's...

OpenID at risk due to DNS flaw, claims researcher

Clayton wrote: "The problem that Ben [Laurie] and I have identified is that an attacker can poison a DNS cache so it serves up the wrong IP address for openid.sun.com. Then, even if the victim is really cautious and uses HTTPS and checks the cert...

Channel:
Security Strategy
Tags:
risk,
openid,
dns

Featured White Papers

The Role of the x86 Processors in the Virtualized, Energy-Contstrained Datacentre

This IDC White Paper analyzes the latest technology and market developments in the x86 server space, which has been significantly impacted by the spread of virtualization solutions and the rise of energy issues. The paper puts AMD's latest 45nm quad-core AMD Opteron Processor, codenamed "Shanghai," in context in this environment and analyzes its opportunities in the European market.

Publisher:
Advanced Micro Devices (AMD)

Vmware-Disaster Recovery Solutions from Vmware

VMware Infrastructure transforms disaster recovery byproviding you rapid, reliable and cost-effective disasterrecovery:? Makes disaster recovery affordable through consolidationsavings and re-use of existing servers for your disasterrecovery site? Provides rapid recovery that is hardware independent,simpler to backup and recover, and enables quickprovisioning of your disaster recovery site? Simplifies the ability to test thereby enhancing disasterrecovery plan reliability

Publisher:
Vmware

High Level Best Practices in Software Configuration Management

When deploying new software configuration management (SCM) tools, implementers sometimes focus on perfecting fine-grained activities, while unwittingly carrying forward poor, large-scale practices from their previous jobs or tools. The result is a well-executed blunder. This paper promotes some high-level best practices that reflect the authors' experiences in deploying SCM.