TRUST 2nd Year Site Visit, March 19th, 2007: ID Theft Knowledge Transfer


Impact
Phishing attacks growing in scale and sophistication
– Main reason: phishers can steal real money.
Research goal:
– Make it harder for phishers to obtain user information that can lead to monetary theft
Technology transfer
– Freely distributed open-source software
– Talks at conferences, industry meetings (ITTC, …)
– Startups
– Partnering arrangements


Technology Transition Plan
PwdHash: RSA Security (
– Initial integration completed fall 2006
– Hope to convince IE team to embed natively in IE
SpyBlock deployment:
– Available at
– Relevant companies: Mocha5, VMware
– Dialog with companies about transaction generators
SafeHistory: Microsoft, Mozilla.
– Available at

Public relations activities
News articles on PwdHash:
– Many articles in popular press, still appearing
– Computerworld Horizon Award: August 2006
SafeHistory & SafeCache:
– WWW ’06 paper
Timing attacks
– WWW ’07 paper
SpyBlock and transaction generation
– Report completed; conference paper in process


PwdHash and RSA SecurID
Tech transfer: available as IE and Firefox extensions
– Working to convince MS to embed natively into IE
Integration with RSA SecurID:
– Motivation: “man in the middle” phishing attacks
    Defeats one-time password systems
– Phase I: apply PwdHash to one-time passwords
    Requires updates to SecurID server and PwdHash
– Phase II: authenticate server to client
    Planned for next year
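
Why Phase I helps against a relaying phishing site, and why it needs changes on both the client and the server, shown as an added example that is not taken from the slides or from the PwdHash/SecurID integration. It assumes PwdHash's published idea of hashing the secret together with the domain the browser is on; HMAC-SHA256, the function names, the domains and the token code are stand-ins constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values; both domains and the token code are hypothetical.
REAL_DOMAIN = "bank.example"
PHISH_DOMAIN = "bank-login.example"


def domain_bound(otp: str, domain: str) -> str:
    """Client side: bind the one-time code to the domain the browser is on.

    HMAC-SHA256 is a stand-in; the slides do not give the construction
    used in the actual integration.
    """
    return hmac.new(otp.encode(), domain.lower().encode(), hashlib.sha256).hexdigest()


def server_accepts(submitted: str, expected_otp: str, own_domain: str = REAL_DOMAIN) -> bool:
    """Updated verifier: hashes the expected code with its own domain
    before comparing, which is why the server side has to change."""
    expected = domain_bound(expected_otp, own_domain)
    return hmac.compare_digest(submitted, expected)


def legacy_server_accepts(submitted: str, expected_otp: str) -> bool:
    """Unmodified verifier: compares the raw one-time code."""
    return hmac.compare_digest(submitted, expected_otp)


def simulate(otp: str = "492817") -> dict:
    """Compare what a site in the middle can forward under each scheme."""
    return {
        # Raw code typed into the look-alike site and relayed: accepted.
        "plain_otp_relayed": legacy_server_accepts(otp, otp),
        # Domain-bound value computed on the look-alike site and relayed: rejected.
        "bound_otp_relayed": server_accepts(domain_bound(otp, PHISH_DOMAIN), otp),
        # Domain-bound value computed on the real site: accepted.
        "bound_otp_direct": server_accepts(domain_bound(otp, REAL_DOMAIN), otp),
        # Updated client against an unmodified server: rejected.
        "bound_otp_legacy_server": legacy_server_accepts(domain_bound(otp, REAL_DOMAIN), otp),
    }


if __name__ == "__main__":
    for case, accepted in simulate().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The relayed value fails because it was derived from the look-alike domain, not because the server recognises the relay; the one-time code itself never leaves the browser in usable form.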