Using crypto against Phishing, Spoofing and Spamming...

Amir Herzberg herzbea at macs.biu.ac.il
Sun Jul 11 04:49:52 EDT 2004


> There still remains the issue that you can provide a good visual
> approximation to any piece of software just by using JavaScript and
> HTML.  I fear that too many users would fall for that. 8-(

We think that the trusted credentials and logo area will provide some
protection against this as well, since you get a very clear indication of
running an insecure site (see screen shots)... of course I agree with you
that we should validate this intuition with user studies (and I'm trying
to arrange these).
> 
>>In considering such solutions, it is important to distinguish threat
>>models.  Phishing is so harmful because it succeeds without even breaking
>>in to users' computers.
Agree!
> 
> But is it so harmful?  How much money is lost in a typical phishing
> attack against a large US bank, or PayPal?  

The Gartner study I've cited in my paper (off my homepage), and some 
other publications I've seen, claim very high actual damages.
-- 
Best regards,

Amir Herzberg
Associate Professor, Computer Science Dept., Bar Ilan University
http://amirherzberg.com (information and lectures in cryptography & 
security)