Phishing Attacks - PowerPoint PPT Presentation

Provided by: travisl5

Transcript and Presenter's Notes



1
Phishing Attacks
Internet Security Research Lab, Brigham Young University
by Jim Henshaw, Travis Leithead, Kent Seamons
jph26_at_email.byu.edu, travisl, seamons_at_cs.byu.edu
February 9, 2004
2
Trusted Server?
  • Threat: Attacker fools the client into trusting
    the server
  • Typo pirates
      • www.paypa1.com vs. www.paypal.com
  • HTTP URL login
      • http://www.trustedsite.com/.../@hacker.org

3
Trusted Server?
  • IE address bar URL spoofing flaw (announced Dec.
    10, 2003 by Sam Greenhalgh) (patch available Feb.
    2, 2004 from Microsoft)
      • http://microsoft.com[null character]@hacker.org
        causes browser to display http://microsoft.com
  • Information on MS IE security patch
      • http://support.microsoft.com/default.aspx?scid=834489
  • Demonstration of address bar URL spoofing
      • http://www.secunia.com/internet_explorer_address_bar_spoofing_test/

4
Phishing defined
  • Phishing attacks: The mass distribution of
    e-mail messages with return addresses, links, and
    branding which appear to come from legitimate
    companies, but which are designed to fool the
    recipients into divulging personal authentication
    data (www.antiphishing.org)
  • Up to 20% of recipients may respond to the
    phishing attack, resulting in financial losses,
    identity theft, and other fraudulent
    activity. (www.antiphishing.org)

5
Phishing Attack Example
6
Phishing Attack Example
7
travis2004

8
Content Triggered Trust Negotiation
  • Protection against the submission of trusted
    information to untrusted servers.
  • Uses filters on client-disclosed content to
    detect sensitive information
  • Initiates a trust negotiation to prove
    authenticity of the server before disclosing
    content

9
Content Triggered TN
[Diagram: username and password; Trust Negotiation Proxy Server; Phishing Web Server]
10
Content Triggered TN
[Diagram: Trust Negotiation Proxy Server; Phishing Web Server]
11
Content Triggered TN
[Diagram: Trust Negotiation Proxy Server; username, password, confidential; Trusted Web Server]
12
Conclusion
  • Content Triggered Trust Negotiation prevents
    unwanted disclosure of sensitive content
  • Content Triggered Trust Negotiation is one
    approach to detecting:
      • Typo pirates
      • URL spoofing
      • Phishing attacks
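
An added example, not code from the presentation or its authors, of a content-triggered check on an outgoing form submission: sensitive fields trigger a check of the host the URL really points to, which also exposes the userinfo and look-alike tricks from the "Trusted Server?" slides. Assumptions: the `TRUSTED_HOSTS` set stands in for the outcome of a trust negotiation, and `SENSITIVE_FIELDS`, the function names and the sample requests are constructed for illustration.

```python
from difflib import SequenceMatcher
from urllib.parse import parse_qsl, urlsplit

# Assumption: hosts already proven authentic. On the slides that proof comes
# from a trust negotiation; a static set stands in for its outcome here.
TRUSTED_HOSTS = {"www.paypal.com"}
# Assumption: form field names treated as sensitive client-disclosed content.
SENSITIVE_FIELDS = {"username", "password"}


def inspect_url(url):
    """Return (host actually contacted, list of spoofing indicators)."""
    findings = []
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in url):
        findings.append("control character in URL")
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if "@" in parts.netloc:
        # Everything before '@' is userinfo, not the destination host.
        findings.append("userinfo before '@' hides real host " + host)
    for trusted in sorted(TRUSTED_HOSTS):
        ratio = SequenceMatcher(None, host, trusted).ratio()
        if host != trusted and ratio >= 0.9:
            findings.append("host resembles " + trusted)
    return host, findings


def check_submission(url, form_body):
    """Content-triggered check for one outgoing form POST."""
    fields = {name.lower() for name, _ in parse_qsl(form_body, keep_blank_values=True)}
    triggered = sorted(fields & SENSITIVE_FIELDS)
    if not triggered:
        return "allow", []  # nothing sensitive is being disclosed
    host, findings = inspect_url(url)
    if host not in TRUSTED_HOSTS:
        findings.append("sensitive fields %s sent to unverified host" % triggered)
        return "block", findings
    return "allow", findings


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    for url, body in [
        ("http://www.paypal.com/login", "username=alice&password=example"),
        ("http://www.paypa1.com/login", "username=alice&password=example"),
        ("http://microsoft.com\x00@hacker.org/", "username=alice&password=example"),
        ("http://hacker.org/news", "q=weather"),
    ]:
        print(repr(url), check_submission(url, body))
```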