Ponnurangam Kumaraguru, Justin Cranshaw, Alessandro Acquisti, Lorrie Cranor, Jason Hong, Mary Ann Blair and Theodore Pham
How do we train users to not be phished? There are existing materials out there that are pretty good, but they could be better. Regardless, most people don’t proactively go looking for security training materials and “security notice” e-mails sent [...]
Archive for the 'Spoofing' Category
Read the paper here.
Phishing is a semantic attack: it exploits the gap between the user’s intentions and the system’s operation (in particular when submitting data). The key factors are: what is the data and where will it go?
The Web Wallet is a browser sidebar that users open by pressing a secure attention key (F2). [...]
Read the paper here.
Passpet is a Firefox extension that helps you manage your passwords and protects you from phishing. You memorize one master secret, and you click on your Passpet to generate a unique password for each site. The Passpet icon is a randomly chosen animal that differs from user to user. [...]
I have an idea about how to solve the phishing problem. Although proposals to solve phishing are not yet as common as proposals to solve spam, there certainly have been quite a few of them, so you would be right to wonder what makes this proposal any different or any more likely to work.
Time for another challenge. Today, I’d like to describe what I call the “Simon Says” problem.
A Simon Says problem occurs when the safe course of action requires the user to respond to the absence of a stimulus.
From time to time, I’ll highlight some of the special challenges faced by designers of usable security. Let’s start with a fairly obvious problem that’s often exploited in security attacks on people:
The “Obedience to Authority” problem occurs when the safe course of action requires the user to reject or contravene an apparently authoritative command.
This paper proposes a scheme called Dynamic Security Skins to combat phishing.
Rachna calls phishing the “ultimate SOUPS problem” because phishers and security designers battle in the user interface, because attacks are rapidly evolving, and because it’s a real-world problem. Phishers rapidly iterate on HCI designs, exactly as we are taught to do in HCI, [...]
Given that several speakers, papers, and posters mention phishing in this conference, some readers may enjoy reading this account.