Using crypto against Phishing, Spoofing and Spamming...
Amir Herzberg
amir at herzberg.name
Sun Jul 4 06:30:21 EDT 2004
Following some of our discussions on this list, I tried to think more
seriously on how crypto could be used for the basic current security
threats of spoofing, phishing and spamming. Preliminary write-ups of the
results are available in the following (or from my homepage):
# Protecting (even) Naïve Web Users, or: Preventing Spoofing and
Establishing Credentials of Web Sites, at
http://www.cs.biu.ac.il/~herzbea/Papers/ecommerce/trusted%20credentials%20area.PDF
# Controlling Spam by Secure Internet Content Selection, at
http://www.cs.biu.ac.il/~herzbea/Papers/ecommerce/spam.pdf
I believe many of you will find some interest in (criticizing?) the new
ideas and proposals, and I'll be very grateful for any feedback; the
works already benefited a lot from some discussions on this list,
including some of you who asked me essentially to `write up your ideas`.
I am also very interested in working with potential implementors; I am
already working on implementations with students, but, additional and
potentially more experienced developers may help us turn some of these
ideas into reality.
BTW, I'm already using the anti-spamming mechanism (trusted logo and
credentials area) we developed for Mozilla, and it works great; I hope
we'll feel soon confident enough with the code so we'll be able to put
it in the public domain. Experienced Mozilla developers who will be
willing to help test and evaluate the code are invited to contact me.
--
Best regards,
Amir Herzberg
Associate Professor, Computer Science Dept., Bar Ilan University
http://AmirHerzberg.com (information and lectures in cryptography &
security)
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list