Website 'spoofing' still fools users, security study reveals
A close look at vulnerabilities in about 15,000 websites found 86 percent have at least one serious hole that hackers could exploit, and content spoofing is the most prevalent vulnerability, identified in over half of the sites, according to WhiteHat Security's annual study published last week.
Content spoofing is a way to get a website to display content from the attacker, says Jeremiah Grossman, CTO at WhiteHat, an IT security vendor. A criminal might do this to steal sensitive customer information or simply to embarrass the owners of a website. In any event, in content spoofing, the fake content is not actually on the website as it would be in a web defacement, but simply appears to be there, Grossman points out. (A variation is email spoofing, which makes an email message appear to come from a trusted correspondent; it often includes a link that sends the reader to a malicious site.)