Archive for the 'Spoofing' Category

School of Phish: A Real-World Evaluation of Anti-Phishing Training

Thursday, July 16th, 2009

http://cups.cs.cmu.edu/soups/2009/proceedings/a3-kumaraguru.pdf
Ponnurangam Kumaraguru, Justin Cranshaw, Alessandro Acquisti, Lorrie Cranor, Jason Hong, Mary Ann Blair and Theodore Pham
How do we train users to not be phished?  There are existing materials out there that are pretty good, but they could be better.  Regardless, most people don’t proactively go looking for security training materials and “security notice” e-mails sent [...]

Min Wu, Robert C. Miller, and Greg Little: Web Wallet

Friday, July 14th, 2006

Read the paper here.
Phishing is a semantic attack: it exploits the gap between the user’s intentions and the system’s operation (in particular when submitting data).  The key factors are: what is the data and where will it go?
The Web Wallet is a browser sidebar that users open by pressing a secure attention key (F2).  [...]

Ka-Ping Yee and Kragen Sitaker: Passpet

Thursday, July 13th, 2006

Read the paper here.
Passpet is a Firefox extension that helps you manage your passwords and protects you from phishing.  You memorize one master secret, and you click on your Passpet to generate a unique password for each site.  The Passpet icon is a randomly chosen animal that differs from user to user.  [...]

How to Manage Passwords and Prevent Phishing

Wednesday, February 8th, 2006

I have an idea about how to solve the phishing problem.  Although proposals to solve phishing are not yet as common as proposals to solve spam, there certainly have been quite a few of them, so you would be right to wonder what makes this proposal any different or any more likely to work.
So, [...]

Challenges: Simon Says

Saturday, July 23rd, 2005

Time for another challenge.  Today, I’d like to describe what I call the “Simon Says” problem.
A Simon Says problem occurs when the safe course of action requires the user to respond to the absence of a stimulus.

Challenges: Obedience to Authority

Tuesday, July 19th, 2005

From time to time, I’ll highlight some of the special challenges faced by designers of usable security.  Let’s start with a fairly obvious problem that’s often exploited in security attacks on people:
The “Obedience to Authority” problem occurs when the safe course of action requires the user to reject or contravene an apparently authoritative command.
“Obedience [...]

Dynamic Security Skins

Friday, July 8th, 2005

This paper proposes a scheme called Dynamic Security Skins to combat phishing.
Rachna calls phishing the “ultimate SOUPS problem” because phishers and security designers battle in the user interface, because attacks are rapidly evolving, and because it’s a real-world problem.  Phishers rapidly iterate on HCI designs, exactly as we are taught to do in HCI, [...]

Interesting post on Phishing

Thursday, July 7th, 2005

Given that several speakers, papers, and posters mention phishing in this conference, some readers may enjoy reading this account.