Amir Herzberg: Defending against Phishing without Client-side Code (in Hebrew)

Uploaded on May 4, 2011

Defending against Phishing without Client-side Code

We study defenses against phishing websites that do not require installing any software on the client side. The two main website defenses we discuss are server identification, e.g. using secret images, and the use of bookmarks and/or cookies as a secondary form of authentication. We discuss the design of such server-only defenses and the results of experimental studies of their security and usability.

Usability studies show that server identification, e.g. by an image or text displayed on the login page, can provide a modest improvement in the detection rate of spoofed sites. We found a further improvement in detection rates when the user was actively involved in selecting and displaying the image (e.g. when the user must click on the image).

However, server identifiers must be protected from exposure; this is usually achieved by some form of secondary user authentication, most commonly using cookies and/or bookmarks. We discuss these options. In particular, we show two possible advantages of using bookmarks to provide secondary user identification: improved defense against phishing, in particular against phishing emails and phishing via links, e.g. in search engine results; and the ability to protect the authentication secrets against eavesdroppers and spoofed servers.
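The following is an added illustration, not code from the talk or from any project of the speaker, of how a server-only defense of this kind fits together: the user enrolls a chosen image, the server hands back a personal bookmark URL whose path carries a random secret (the same secret can alternatively be set as a cookie), and the login page shows the image only when that secret arrives. The host name, cookie name and URL layout are assumptions chosen for the example; the server keeps only a keyed hash of the secret, so a leaked user table does not yield working bookmarks. The cases modelled at the bottom are the ones the abstract contrasts: navigation via the bookmark or cookie (image shown), a link from an e-mail or search result (no secret, generic page), and a look-alike host (the browser never sends it the secret at all).

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional
from urllib.parse import urlsplit

# Constructed constants for this example: the legitimate site's host name and a
# server-side key used to hash bookmark secrets before storing them.
SITE_HOST = "bank.example"
SERVER_KEY = secrets.token_bytes(32)

# username -> chosen identifier image (what the login page will display)
_accounts: Dict[str, str] = {}
# keyed hash of a bookmark/cookie secret -> username; only the hash is stored
_secret_index: Dict[bytes, str] = {}


def _hash_secret(secret: str) -> bytes:
    # Keyed hash: without SERVER_KEY the stored digests cannot be brute-forced
    # offline, and a dictionary lookup on the digest reveals nothing about the secret.
    return hmac.new(SERVER_KEY, secret.encode(), hashlib.sha256).digest()


def enroll(username: str, chosen_image: str) -> str:
    """Register the user's chosen image and return the personal bookmark URL.

    The URL carries a random secret in its path; the same value could instead be
    set as a cookie, which is the other secondary-authentication option.
    """
    secret = secrets.token_urlsafe(24)
    _accounts[username] = chosen_image
    _secret_index[_hash_secret(secret)] = username
    return f"https://{SITE_HOST}/login/{secret}"


def render_login(request_url: str, cookies: Dict[str, str]) -> Dict[str, Optional[str]]:
    """Decide what one login request sees: the user's image, or a generic page.

    The bookmark secret is read from the URL path; a cookie named "sid" (an
    assumed name) is the fallback. Anything else yields the generic page, which
    is the user's cue that this is not the site they enrolled with.
    """
    parts = urlsplit(request_url)
    if parts.netloc != SITE_HOST:
        # Modelled here for contrast: a browser sends the bookmark path and the
        # cookie only to SITE_HOST, so a look-alike host never receives the secret.
        return {"identifier": None, "reason": "request not addressed to this site"}

    secret: Optional[str] = None
    prefix = "/login/"
    if parts.path.startswith(prefix) and len(parts.path) > len(prefix):
        secret = parts.path[len(prefix):]
    elif "sid" in cookies:
        secret = cookies["sid"]

    if secret is None:
        # Typical of a link in a phishing e-mail or a search result: no secret
        # travels with it, so the page stays generic even on the genuine host.
        return {"identifier": None, "reason": "no secondary identifier presented"}

    user = _secret_index.get(_hash_secret(secret))
    if user is None:
        return {"identifier": None, "reason": "unrecognised secondary identifier"}
    return {"identifier": _accounts[user], "reason": "recognised via bookmark or cookie"}


if __name__ == "__main__":
    # Constructed walk-through of the four request kinds discussed above.
    bookmark = enroll("alice", "blue-sailboat.png")
    secret = bookmark.rsplit("/", 1)[1]
    print("via bookmark :", render_login(bookmark, {}))
    print("via cookie   :", render_login(f"https://{SITE_HOST}/login", {"sid": secret}))
    print("e-mail link  :", render_login(f"https://{SITE_HOST}/login", {}))
    print("look-alike   :", render_login("https://bank-example-verify.test/login", {}))
```

The design choice worth noting is that the image is released on the strength of the bookmark or cookie alone, before any password is typed: the secondary identifier is what lets the genuine site personalise the page, and its absence is what should make the user pause on a page reached from an e-mail or a search result.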
Bio

Prof. Amir Herzberg received his B.Sc. (Computer Engineering), M.Sc. (Electrical Engineering) and D.Sc. (Computer Science) from the Technion, Israel, in 1982, 1987 and 1991, respectively. Since 1982 he has worked in software and systems R&D, mostly in security and networking, as a developer, manager and CTO in a few companies. During 1991-2000, Prof. Herzberg held research and management positions at IBM Research (New York and Israel). Since 2002 he has been an associate professor in the Computer Science department of Bar Ilan University. His current research interests include security of communication and commerce, quality of service, vehicular and ad-hoc networking, and applied cryptography.

http://www.owasp.org/index.php/OWASP_...
