Phishing Attacks
Internet Security Research Lab, Brigham Young University
by Jim Henshaw, Travis Leithead, Kent Seamons
jph26@email.byu.edu, {travisl, seamons}@cs.byu.edu
February 9, 2004
Trusted Server?
• Threat: Attacker fools the client into trusting the server
• Typo pirates:
  • www.paypa1.com vs. www.paypal.com
• HTTP URL login:
  • http://www.trustedsite.com/~.../@hacker.org
(Figure labels on the slide: "Deceptive login name", "Actual URL")
Trusted Server?
• IE address bar URL spoofing flaw (announced Dec. 10, 2003 by Sam Greenhalgh; patch available Feb. 2, 2004 from Microsoft)
• http://microsoft.com[null character]@hacker.org causes the browser to display http://microsoft.com
• Information on the MS IE security patch: http://support.microsoft.com/default.aspx?scid=834489
• Demonstration of address bar URL spoofing: http://www.secunia.com/internet_explorer_address_bar_spoofing_test/
“Phishing” defined
• Phishing attacks: “The mass distribution of e-mail messages with return addresses, links, and branding which appear to come from legitimate companies, but which are designed to fool the recipients into divulging personal authentication data” (www.antiphishing.org)
• “Up to 20% of recipients may respond to [the phishing attack], resulting in financial losses, identity theft, and other fraudulent activity.” (www.antiphishing.org)
Possible URL spoofing attack: http://pages.ebay.com/reactivate[null]@steal_your_identity.com
(Screenshot on the slide: a login form filled in with username "travis2004" and a masked password "*******")
Content Triggered Trust Negotiation
• Protection against the submission of trusted information to untrusted servers
• Uses filters on client-disclosed content to detect sensitive information
• Initiates a trust negotiation to prove the authenticity of the server before disclosing content
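An added example, not code from the slides or from the BYU lab's proxy, showing the two checks the preceding slides describe: recovering the host a URL really points at (the userinfo-before-"@" and null-character trick, and typo-pirate lookalikes) and filtering outgoing form content for registered secrets before it leaves the client. The trusted-host set, the secret list and the form data are constructed sample values, and a host being in the trusted set stands in for a completed trust negotiation.

```python
import hashlib
import urllib.parse

# Constructed: hashes of the secrets the user wants guarded, so the filter
# can recognise them in outgoing content without holding the plaintext.
SENSITIVE_HASHES = {hashlib.sha256(s.encode()).hexdigest()
                    for s in ("travis2004", "s3cretPass")}
# Constructed: servers that have already proven their identity. In the real
# proxy this would be the outcome of a trust negotiation, not a static list.
TRUSTED_HOSTS = {"www.paypal.com", "pages.ebay.com", "microsoft.com"}
# Digits that typo pirates swap in for letters (www.paypa1.com).
LOOKALIKES = str.maketrans({"1": "l", "0": "o", "5": "s"})


def actual_host(url):
    """Return (host the browser will really connect to, list of warnings)."""
    warnings = []
    if any(ord(c) < 0x20 for c in url):
        warnings.append("control character in URL")
    parts = urllib.parse.urlsplit(url)
    # Anything before '@' in the authority is userinfo, not the host.
    if parts.username is not None:
        warnings.append("userinfo before '@' hides the real host")
    host = (parts.hostname or "").lower()
    if host not in TRUSTED_HOSTS and host.translate(LOOKALIKES) in TRUSTED_HOSTS:
        warnings.append("lookalike of trusted host")
    return host, warnings


def contains_sensitive(form_fields):
    """Content filter: does any submitted value match a registered secret?"""
    return any(hashlib.sha256(v.encode()).hexdigest() in SENSITIVE_HASHES
               for v in form_fields.values())


def allow_submission(url, form_fields):
    """Decide whether the proxy may forward this form to the server."""
    host, warnings = actual_host(url)
    if not contains_sensitive(form_fields):
        return True, "no sensitive content; pass through"
    if host in TRUSTED_HOSTS and not warnings:
        return True, "sensitive content released to trusted server " + host
    return False, "blocked: " + "; ".join(warnings or ["server not trusted"])
```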
(Diagram, three animation frames: Travis’ computer holds a username, a password and confidential content. The Content Triggered TN component on the client passes the username and password submission to the Trust Negotiation Proxy Server. In the first two frames the destination is a Phishing Web Server, and the username and password are withheld from it. In the third frame the destination is a Trusted Web Server, which receives the username, password and confidential content.)
Conclusion
• Content Triggered Trust Negotiation prevents unwanted disclosure of sensitive content
• Content Triggered Trust Negotiation is one approach to detecting:
  • Typo pirates
  • URL spoofing
  • Phishing attacks