
This page contains all of the posts and discussion on MemeStreams referencing the following web page: Phuture Of Phishing: Presentation and code.

Phuture Of Phishing: Presentation and code
by Acidus at 4:41 pm EDT, Sep 23, 2005

The Phuture of Phishing
by: Billy Hoffman

Phishing, or the act of tricking a user into revealing confidential information, is a big business. In this presentation, we first discuss what phishing is and how it works. We examine the current tricks and techniques that phishers use to steal information such as CSS positioning, host obfuscation, and malware. Next we evaluate the pros and cons of current phishing defenses such as blacklisting, country reconciliation, and reputation systems. Then we discuss a coming trend in phishing attacks: using cross-site scripting (XSS) to embed a phishing site inside the victim website. Finally, we discuss how XSS/Phishing attacks circumvent most existing defenses, and we demonstrate a free defensive tool, LineBreaker, which can actively detect and stop these types of attacks.

SPI Dynamics is hosting my Toorcon presentation and is hosting my free defensive tool. The above summary isn't on the page yet, but you can download the source code/Jar of LineBreaker, and a PDF or Flash version of my presentation from the memed website.

I even quote Tom Cross in the presentation when discussing the offensive tool (which cannot be downloaded):

Tom Cross: This technology has no legitimate use.

SPI has been very supportive of my research, and I hope they continue to do so.


Phuture Of Phishing: Presentation and code
by Rattle at 9:37 pm EDT, Sep 23, 2005

The Phuture of Phishing
by: Billy Hoffman

Phishing, or the act of tricking a user into revealing confidential information, is a big business. In this presentation, we first discuss what phishing is and how it works. We examine the current tricks and techniques that phishers use to steal information such as CSS positioning, host obfuscation, and malware. Next we evaluate the pros and cons of current phishing defenses such as blacklisting, country reconciliation, and reputation systems. Then we discuss a coming trend in phishing attacks: using cross-site scripting (XSS) to embed a phishing site inside the victim website. Finally, we discuss how XSS/Phishing attacks circumvent most existing defenses, and we demonstrate a free defensive tool, LineBreaker, which can actively detect and stop these types of attacks.

SPI Dynamics is hosting Acidus's Toorcon presentation and is hosting his free defensive tool. The above summary isn't on the page yet, but you can download the source code/Jar of LineBreaker, and a PDF or Flash version of the presentation from the memed website.

Acidus quoted Tom Cross in the presentation when discussing the offensive tool (which cannot be downloaded):

Tom Cross: This technology has no legitimate use.

I assure you that's a compliment. It's in reference to an offensive tool. Industrial Memetics is proud to have Billy around.

Kudos to SPI Dynamics for supporting Billy's current research.

