Working principles of and solutions to hacker Web spoofing (2): The two components of Web spoofing

xiaoxiao2021-03-06  42

The two components of Web spoofing

To analyze the scope and severity of spoofing attacks, we need to study two parts: security decisions and hints.

Security decision

A security decision, as the term is used here, is any decision that can lead to a security problem. Such decisions usually involve sensitive data, so making them can produce unwanted results through the leakage of critical data. What is likely to happen is that a third party uses the data involved in the decision to uncover a secret, sabotage an activity, or cause other insecure consequences. For example, entering an account name and password is a security decision in this sense, because the disclosure of accounts and passwords causes problems we do not want. Downloading a file from the Internet is also a security decision. It cannot be denied that a downloaded file may contain malicious, destructive components, although this does not happen frequently.

Security decisions are everywhere. Even when we make a decision simply by reading displayed information, the accuracy of that information is a security decision issue. For example, if you decide to buy a certain security based on the price shown by an online securities site, you must be sure that the information you received is accurate. If someone deliberately provides incorrect prices, some people will inevitably lose money.

Hint

A WWW site presents the user with many kinds of information, and people read web pages freely in the browser and make decisions based on the context. The text, images and sounds on a page leave a strong impression, and from this context people tend to decide where the page comes from. For example, a distinctive logo is generally taken to mean that you are on a particular company's Web site.

We all know that the appearance of an object often conveys a hint. In the computer world we are accustomed to icons and graphics of all kinds, each carrying a different meaning. Experienced browser users react to these cues the way experienced drivers react to traffic signals and signs.

The name of an object can convey even more. People often judge a file by its name. Is MANUAL.DOC the text of a user manual? It could be a file of some other type rather than a user-manual document. Must a link labeled Microsoft.com point to a URL that belongs to Microsoft? Obviously not: the target can be swapped for another address.
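The link-name hint can be checked mechanically. The following is an added example, not part of the original article: a defender-side audit that flags links whose visible text names one host while the href goes to another. The function and class names are hypothetical, and example.net is a constructed stand-in for an unrelated host.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Host-like token in visible link text, e.g. "Microsoft.com".
HOST_IN_TEXT = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

def same_site(claimed, actual):
    """True if the real host is the claimed host or one of its subdomains."""
    claimed = re.sub(r"^www\.", "", claimed.lower())
    return actual == claimed or actual.endswith("." + claimed)

class LinkAuditor(HTMLParser):
    """Records links whose visible text names a host the href does not go to."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.mismatches = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        label = "".join(self.text).strip()
        actual = urlsplit(self.href).hostname or ""  # empty for relative links
        for claimed in HOST_IN_TEXT.findall(label):
            if actual and not same_site(claimed, actual):
                self.mismatches.append((label, actual))
        self.href = None

def audit(html):
    """Return (visible text, real host) for every misleading link in html."""
    parser = LinkAuditor()
    parser.feed(html)
    return parser.mismatches

# Constructed sample page; example.net stands in for an unrelated host.
SAMPLE = """
<a href="https://www.microsoft.com/download">Microsoft.com</a>
<a href="http://example.net/www.microsoft.com/">www.microsoft.com</a>
<a href="https://microsoft.com.example.net/login">Sign in at microsoft.com</a>
<a href="/local/help.html">Help</a>
"""
```

Calling `audit(SAMPLE)` reports the second and third links: one hides the familiar name in the path, the other uses it as a subdomain prefix of a different host.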

The order of events in time is often a hint as well. If two events happen together, you naturally assume they are related. If you click through to a bank's web page and a username dialog appears at the same moment, you naturally assume you should enter your bank account and password. If a download starts immediately after you click a document link, you naturally assume the file is being downloaded from that site. However, these assumptions are not necessarily correct.

If you see only a pop-up window, you register the visible event without recognizing the event hidden behind the window. Modern user-interface designers spend a great deal of effort on making interfaces simple and easy to understand. People find this convenient, but the potential problem is that they grow accustomed to these hints and are inevitably deceived by them.

Please credit the original address when reposting: https://www.9cbs.com/read-51090.html
