Phishing & Pharming. 2 Oct. 2004 to July 2005 APWG.

Slides:

Advertisements

Similar presentations

Cross-site Request Forgery (CSRF) Attacks

Advertisements

ForceHTTPS: Protecting High-Security Web Sites from Network Attacks Collin Jackson and Adam Barth.

Supplied on \web site. on January 10 th, 2008 Customer Security Management Reducing Internet fraud June 1 st, 2008 eSAC Walk Thru © Copyright Prevx Limited.

ICT & Crime Data theft, phishing & pharming. Data loss/theft Data is often the most valuable commodity any business has. The cost of creating data again.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

1 CANTINA : A Content-Based Approach to Detecting Phishing Web Sites WWW Yue Zhang, Jason Hong, and Lorrie Cranor.

Phishing and Pharming New Identity Theft Threats Presentation by Jason Guthrie.

Phishing (pronounced “fishing”) is the process of sending messages to lure Internet users into revealing personal information such as credit card.

Dynamic Pharming Attacks and Locked Same-Origin Policies For Web Browsers Chris Karlof, J.D. Tygar, David Wagner, Umesh Shankar.

Internet Phishing Not the kind of Fishing you are used to.

1 Managing Identity Threats May Where are the threats ? Customer Web/App Server Vulnerabilities: Trojan sniffers Soliciting to enter credentials.

A Third Party Service for Providing Trust on the Internet Work done in 2001 at HP Labs by Michael VanHilst and Ski Ilnicki.

User Authentication and Password Management John Mitchell CS 142 Winter 2009.

CANTINA: A Content-Based Approach to Detecting Phishing Web Sites Yue Zhang University of Pittsburgh Jason I. Hong, Lorrie F. Cranor Carnegie Mellon University.

Phishing Definition: a criminal mechanism employing both social engineering and technical subterfuge to steal consumers’ personal identity data and financial.

Online Security Tuesday April 8, 2003 Maxence Crossley.

1 CPSC156: The Internet Co-Evolution of Technology and Society Lecture 22: April 17, 2007 Browser-based Security and Privacy Tools.

Stronger Password Authentication Using Browser Extensions Blake Ross, Collin Jackson, Nick Miyake, Dan Boneh, John Mitchell Stanford University

Context-Aware Phishing Attacks and Client-Side Defenses Collin Jackson Stanford University.

1 Client-side defenses against web-based identity theft Students:Robert Ledesma, Blake Ross, Yuka Teraguchi Faculty:Dan Boneh and John Mitchell Stanford.

Phishing – Read Behind The Lines Veljko Pejović

Trustworthy User Interface Design: Dynamic Security Skins Rachna Dhamija and J.D. Tygar University of California, Berkeley TIPPI Workshop June 13, 2005.

CertAnon A Proposal for an Anonymous WAN Authentication Service David Mirra CS410 January 30, 2007.

PORTIA Project 1 Mitigating Online ID Theft: Phishing and Spyware Students:Blake Ross, Collin Jackson, Nick Miyake, Yuka Teraguchi, Robert Ladesma, Andrew.

Password Authentication J. Mitchell CS 259. Password fileUser exrygbzyf kgnosfix ggjoklbsz … kiwifruit hash function.

Spam and Phishing Dan Boneh CS 155 Spring How works: SMTP (RFC 821, 1982) Some SMTP Commands: MAIL FROM: RCPT TO: If unknown recipient: response.

The OWASP Foundation OWASP Chennai Phishing.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Examining the Effectiveness and Techniques of the Anti-Phishing Technology in Leading Web Browsers and Security Toolbars. Wesley W. Owen

Presented By Jay Dani.  Web Spoofing is a security attack that allows an adversary to observe and modify all web pages sent to the victim's machine,

Phishing Rising to the challenge Amy Marasco Microsoft.

GONE PHISHING ECE 4112 Final Lab Project Group #19 Enid Brown & Linda Larmore.

TRUST, Washington, D.C. Meeting January 9–10, 2006 Combating Online Identity Theft Spoofguard, PwdHash, Spyware, Botnets John Mitchell (Stanford)

Cookies Set a cookie – setcookie() Extract data from a cookie - $_COOKIE Augment user authentication script with a cookie.

March 2007 | Prague 1 Technical University of Vienna Politecnico di Milano Engin Kirda Christopher Kruegel Angelo P.E. Rosiello AntiPhish: An Anti-Phishing.

Anti Phishing & Spam -- by lynn. Spam Anti Spam and How White-lists Black-lists Heuristics –Bayes –Neural Networks Static technique –keyword checking.

CAP6135: Malware and Software Vulnerability Analysis Spam and Phishing Cliff Zou Spring 2010.

Visual-Similarity-Based Phishing Detection Eric Medvet, Engin Kirda, Christopher Kruegel SecureComm 2008 Sep.

WEB SPOOFING by Miguel and Ngan. Content Web Spoofing Demo What is Web Spoofing How the attack works Different types of web spoofing How to spot a spoofed.

KAIST Web Wallet: Preventing Phishing Attacks by Revealing User Intentions Min Wu, Robert C. Miller and Greg Little Symposium On Usable Privacy and Security.

1 All Your iFRAMEs Point to Us Mike Burry. 2 Drive-by downloads Malicious code (typically Javascript) Downloaded without user interaction (automatic),

Reliability & Desirability of Data

Bots Used to Facilitate Spam Matt Ziemniak. Discuss Snort lab improvements Spam as a vehicle behind cyber threats Bots and botnets What can be done.

CMU Usable Privacy and Security Laboratory Phinding Phish: An Evaluation of Anti-Phishing Toolbars Yue Zhang, Serge Egelman, Lorrie.

11 CANTINA: A Content- Based Approach to Detecting Phishing Web Sites Reporter: Gia-Nan Gao Advisor: Chin-Laung Lei 2010/6/7.

The Battle Against Phishing: Dynamic Security Skins Rachna Dhamija and J.D. Tygar U.C. Berkeley.

DNS Security Pacific IT Pros Nov. 5, Topics DoS Attacks on DNS Servers DoS Attacks by DNS Servers Poisoning DNS Records Monitoring DNS Traffic Leakage.

Phishing Pharming Spam. Phishing: Definition  A method of identity theft carried out through the creation of a website that seems to represent a legitimate.

Drive-by pharming is an interesting type of networking attack that combines multiple networking vulnerabilities and average user laziness to create an.

Ram Santhanam Application Level Attacks - Session Hijacking & Defences

Week 10-11c Attacks and Malware III. Remote Control Facility distinguishes a bot from a worm distinguishes a bot from a worm worm propagates itself and.

BY : MUHAMMAD KHUZAIMI B. ISHAK 4 ADIL PUAN MAZITA INFORMATION AND COMMUNICATION OF TECHNOLOGY.

How Phishing Works Prof. Vipul Chudasama.

1 Robust Defenses for Cross-Site Request Forgery Adam Barth, Collin Jackson, John C. Mitchell Stanford University 15th ACM CCS.

Extending ISA/IAG beyond the limit. AGAT Security suite - introduction AGAT Security suite is a set of unique components that allow extending ISA / IAG.

BeamAuth : Two-Factor Web Authentication with a Bookmark 14 th ACM Conference on Computer and Communications Security Ben Adida Presenter : SJ Park.

Saphe surfing! 1 SAPHE Secure Anti-Phishing Environment Presented by Uri Sternfeld.

Social Engineering © 2014 Project Lead The Way, Inc.Computer Science and Software Engineering.

1.  Usability study of phishing attacks & browser anti-phishing defenses – extended validation certificate.  27 Users in 3 groups classified 12 web.

Session Management Tyler Moore CS7403 University of Tulsa Slides adapted in part or whole from Dan Boneh, Stanford CS155 1.

CAP6135: Malware and Software Vulnerability Analysis Spam and Phishing Cliff Zou Spring 2013.

A Framework for Detection and Measurement of Phishing Attacks Reporter: Li, Fong Ruei National Taiwan University of Science and Technology 2/25/2016 Slide.

1 Phinding Phish : Evaluating Anti- Phishing Tools Yue Zhang,Jason Hong (2007) Carnegie Mellon University.

August 2001 Slide 1 Extensions to TLS Simon Blake-Wilson Certicom David Hopwood Independent Consultant Jan Mikkelsen Transactionware Magnus Nystrom RSA.

Phishing & Pharming Methods and Safeguards Baber Aslam and Lei Wu.

CAP6135: Malware and Software Vulnerability Analysis Spam and Phishing Cliff Zou Spring 2016.

Setting and Upload Products

Conveying Trust Serge Egelman.

Part 2 Setting up a web server the easy way

Password Authentication

Presentation transcript:

Phishing & Pharming

2 Oct to July 2005 APWG

3

4 Note: no SSL. Typically: short lived sites.

5 Common Phishing Methods  Often phishing sites hosted on bot-net drones.  Move from bot to bot using dynamic DNS.  Use domain names such as:  Use URLs with multiple redirections:  Use randomized links: 

6 Industry Response  Anti-phishing toolbars: Netcraft, EBay, Google, IE7  IE7 phishing filter:  Whitelisted sites are not checked  Other sites: (stripped) URL sent to MS server  Server responds with “OK” or “phishing”

7 Pharming  Cause DNS to point to phishing site  Examples: 1. DNS cache poisoning 2. Write an entry into machine’s /etc/hosts file: “ Phisher-IP Victim-Name ”  URL of phishing site is identical to victim’s URL  … will bypass all URL checks

8 Response: High assurance certs  More careful validation of cert issuance  On browser (IE7) : … but most phishing sites do not use HTTPS

9 Other industry responses: BofA, PassMark ING bank login

10 Industry Response: Bank of Adelaide

11 ING PIN Guard

12 T.G.s: The next phishing wave  Transaction generation malware:  Wait for user to login to banking sites  Issue money transfer requests on behalf of user.  Reported malware in UK targeting all four major banks.  Note:These are social engineering attacks. Not just a windows problem.

13 Some ID Protection Tools  SpoofGuard: (NDSS ’04)  Alerts user when viewing a spoofed web page.  Uses variety of heuristics to identify spoof pages.  Some SpoofGuard heuristics used in eBay toolbar and Earthlink ScamBlocker.  PwdHash : (Usenix Sec ’05)  Browser extension for strengthening pwd web auth.  Being integrated with RSA SecurID.

14 Password Hashing (pwdhash.com)  Generate a unique password per site  HMAC fido:123 (banka.com)  Q7a+0ekEXb  HMAC fido:123 (siteb.com)  OzX2+ICiqc  Hashed password is not usable at any other site Bank A hash(pwd B, SiteB) hash(pwd A, BankA) Site B pwd A pwd B =