Presentation is loading. Please wait.

Presentation is loading. Please wait.

Anti-Phishing Technology Chokepoints and Countermeasures Aaron Emigh Radix Labs

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Anti-Phishing Technology Chokepoints and Countermeasures Aaron Emigh Radix Labs"— Presentation transcript:

1 Anti-Phishing Technology Chokepoints and Countermeasures Aaron Emigh Radix Labs aaron@radixlabs.com

2 A Typical Phishing Email

3 Phishing Information Flow

4 Step 1: Phish Delivery

5 Authentication

6 Reducing False Positives

7 Reducing False Positives

8 Image Recognition Simple idea: recognize logos

9 Image Recognition Maybe not so simple…

10 Image Recognition Fully render, then retrieve sub-images

11 Patching

12 Secure Patch Distribution

13 Secure Patch Activation

14 Automatic Secure Patch Activation

15 Step 2: User Action

16 Education Why Johnny can’t identify phish…

17 Personally Identifiable Information

18

19 Unmask Deceptive Links To go to a surprising place via a cloaked URL, click on this link. To go to a surprising place via a cloaked URL with a password, click on this link. To go to a surprising place via an open redirect, click on this link. To go to a surprising place via misleading link, click on http://security.ebay.com.

20 Unmask Deceptive Links To go to a surprising place via a cloaked URL, click on this link. To go to a surprising place via a cloaked URL with a password, click on this link. To go to a surprising place via an open redirect, click on this link. To go to a surprising place via misleading link, click on http://security.ebay.com.

21 Interfere With Navigation

22 Detecting DNS Poisoning

23 Steps 2 and 4: Information Sharing

24 It’s the metadata, stupid!

25 Step 4: Transmitting data

26 Little Brother is Watching

27 Step 4 Variant: Cross-Site Scripting

28 Cross-Site Scripting: Countermeasure

29 Steps 4 and 6: Secure Path

30 Secure Path (That Was Then) Login: aaron Password: ******

31 Secure Path (This Is Now)

32

33 Step 6: Data Without Value

34 Two-Factor Authentication

35

36 Password Hashing

37 Policy-based data

38 Aftermath: Ex Post Facto Detection

39 Aftermath: Information Sharing

40 Conclusions

41 Anti-Phishing Technology Chokepoints and Countermeasures Aaron Emigh Radix Labs aaron@radixlabs.com

Download ppt "Anti-Phishing Technology Chokepoints and Countermeasures Aaron Emigh Radix Labs"

Similar presentations

Introduction to MyLO for Students This work by the Tasmanian Institute of Learning and Teaching is licensed under a Creative Commons Attribution 4.0 International.

Introduction to MyLO for Students This work by the Tasmanian Institute of Learning and Teaching is licensed under a Creative Commons Attribution 4.0 International.
Click to edit Master title style How to Create a Discussion Silver & VIP members -- 2011.

Click to edit Master title style How to Create a Discussion Silver & VIP members
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
SCHOLARSHIP INTEREST & ELIGIBILITY SURVEY. PURPOSE OF THE SURVEY This survey is being conducted to get information about your interest in particular areas.

SCHOLARSHIP INTEREST & ELIGIBILITY SURVEY. PURPOSE OF THE SURVEY This survey is being conducted to get information about your interest in particular areas.
1 CANTINA : A Content-Based Approach to Detecting Phishing Web Sites WWW 2007 2008.09.09 Yue Zhang, Jason Hong, and Lorrie Cranor.

1 CANTINA : A Content-Based Approach to Detecting Phishing Web Sites WWW Yue Zhang, Jason Hong, and Lorrie Cranor.
C MU U sable P rivacy and S ecurity Laboratory Anti-Phishing Phil The Design and Evaluation of a Game That Teaches People Not to.

C MU U sable P rivacy and S ecurity Laboratory Anti-Phishing Phil The Design and Evaluation of a Game That Teaches People Not to.
Phishing and Pharming New Identity Theft Threats Presentation by Jason Guthrie.

Phishing and Pharming New Identity Theft Threats Presentation by Jason Guthrie.
Phishing (pronounced “fishing”) is the process of sending e-mail messages to lure Internet users into revealing personal information such as credit card.

Phishing (pronounced “fishing”) is the process of sending messages to lure Internet users into revealing personal information such as credit card.
Internet Phishing Not the kind of Fishing you are used to.

Internet Phishing Not the kind of Fishing you are used to.
Viruses, Phishing and Pharming Megan, Matt, Rishi.

Viruses, Phishing and Pharming Megan, Matt, Rishi.
The OWASP Foundation OWASP Chennai 2007 Phishing.

The OWASP Foundation OWASP Chennai Phishing.
Quiz Review.

Quiz Review.
SHASHANK MASHETTY Email security. Introduction Electronic mail most commonly referred to as email or e- mail. Electronic mail is one of the most commonly.

SHASHANK MASHETTY security. Introduction Electronic mail most commonly referred to as or e- mail. Electronic mail is one of the most commonly.
INTRODUCTION Coined in 1996 by computer hackers. Hackers use e-mail to fish the internet hoping to hook users into supplying them the logins, passwords.

INTRODUCTION Coined in 1996 by computer hackers. Hackers use to fish the internet hoping to hook users into supplying them the logins, passwords.
Working from home/off-campus - Electronic Resources Off campus access and authentication routes 2009/2010.

Working from home/off-campus - Electronic Resources Off campus access and authentication routes 2009/2010.
WEB SPOOFING by Miguel and Ngan. Content Web Spoofing Demo What is Web Spoofing How the attack works Different types of web spoofing How to spot a spoofed.

WEB SPOOFING by Miguel and Ngan. Content Web Spoofing Demo What is Web Spoofing How the attack works Different types of web spoofing How to spot a spoofed.
Lecture 14 – Web Security SFDV3011 – Advanced Web Development 1.

Lecture 14 – Web Security SFDV3011 – Advanced Web Development 1.
INE1020 Introduction to Internet Engineering Tutorial 8 All about Lab 6.

INE1020 Introduction to Internet Engineering Tutorial 8 All about Lab 6.
C OMPUTER C ONCEPTS Unit 1 Concept 3 – Solving Technological Problems.

C OMPUTER C ONCEPTS Unit 1 Concept 3 – Solving Technological Problems.
1.NET Web Forms Security Issues © 2002 by Jerry Post.

1.NET Web Forms Security Issues © 2002 by Jerry Post.

Similar presentations

Ads by Google