1 / 38

Anti-Phishing Technology

Anti-Phishing Technology. Chokepoints and Countermeasures. Aaron Emigh Radix Labs aaron@radixlabs.com. A Typical Phishing Email. Phishing Information Flow. Step 1: Phish Delivery. Authentication. Reducing False Positives. . Image Recognition. Simple idea: recognize logos.

michellehoward
Download Presentation

Anti-Phishing Technology

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Anti-Phishing Technology Chokepoints and Countermeasures Aaron EmighRadix Labsaaron@radixlabs.com

  2. A Typical Phishing Email

  3. Phishing Information Flow

  4. Step 1: Phish Delivery

  5. Authentication

  6. Reducing False Positives

  7. Image Recognition Simple idea: recognize logos

  8. Image Recognition Maybe not so simple…

  9. Image Recognition Fully render, then retrieve sub-images

  10. Patching

  11. Secure Patch Distribution

  12. Secure Patch Activation

  13. Automatic Secure Patch Activation

  14. Step 2: User Action

  15. Education Why Johnny can’t identify phish…

  16. Personally Identifiable Information

  17. Personally Identifiable Information

  18. Unmask Deceptive Links <P>To go to a surprising place via a cloaked URL, click on <A HREF="http://security.ebay.com@phisher.com">this link.</A> <P>To go to a surprising place via a cloaked URL with a password, click on <A HREF="http://security.ebay.com:password@phisher.com">this link.</A> <P>To go to a surprising place via an open redirect, click on <A HREF="http://redirect.ebaysecurity.com?url=phisher.com">this link.</A> <P>To go to a surprising place via misleading link, click on <A HREF="http://phisher.com">http://security.ebay.com.</A>

  19. Unmask Deceptive Links <P>To go to a surprising place via a cloaked URL, click on <A HREF="http://security.ebay.com@phisher.com">this link.</A> <P>To go to a surprising place via a cloaked URL with a password, click on <A HREF="http://security.ebay.com:password@phisher.com">this link.</A> <P>To go to a surprising place via an open redirect, click on <A HREF="http://redirect.ebaysecurity.com?url=phisher.com">this link.</A> <P>To go to a surprising place via misleading link, click on <A HREF="http://phisher.com">http://security.ebay.com.</A>

  20. Interfere With Navigation

  21. Detecting DNS Poisoning

  22. Steps 2 and 4: Information Sharing

  23. It’s the metadata, stupid!

  24. Step 4: Transmitting data

  25. Little Brother is Watching

  26. Steps 4 and 6: Secure Path

  27. Secure Path (That Was Then) Login: aaron Password: ******

  28. Secure Path (This Is Now)

  29. Secure Path (This Is Now)

  30. Step 6: Data Without Value

  31. Two-Factor Authentication

  32. Two-Factor Authentication

  33. Password Hashing

  34. Policy-based data

  35. Aftermath: Ex Post Facto Detection

  36. Aftermath: Information Sharing

  37. Conclusions

  38. Anti-Phishing Technology Chokepoints and Countermeasures Aaron EmighRadix Labsaaron@radixlabs.com

More Related