Create an Account
username: password:
 
  MemeStreams Logo

Phuture Of Phishing: Presentation and code

search

Acidus
Picture of Acidus
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

Acidus's topics
Arts
Business
Games
Health and Wellness
Home and Garden
Miscellaneous
Current Events
Recreation
Local Information
Science
Society
Sports
Technology

support us

Get MemeStreams Stuff!


 
Phuture Of Phishing: Presentation and code
Topic: Technology 4:41 pm EDT, Sep 23, 2005

The Phuture of Phishing
by: Billy Hoffman

Phishing, or the act of tricking a user into revealing confidential information, is a big business. In this presentation, we first discuss what phishing is and how it works. We examine the current tricks and techniques that phishers use to steal information such as CSS positioning, host obfuscation, and malware. Next we evaluate the pros and cons of current phishing defensives such as blacklisting, country reconciliation, and reputation systems. Then we discuss a coming trend in phishing attacks: using cross-site scripting (XSS) to embed a phishing site inside the victim website. Finally, we discuss how XSS/Phishing attacks circumvent most existing defenses, and we demonstrate a free defensive tool, LineBreaker, which can actively detect and stop these types of attacks.

SPI Dynamics is hosting my Toorcon presentation and is hosting my free defensive tool. The above summary isn't on the page yet, but you can download the source code/Jar of LineBreaker, and a PDF or Flash version of my presentation for the memed website.

I even quote Tom Cross in the presentation when discussing the offensive tool (which cannot be downloaded)

Tom Cross: This technology has no legitimate use.

SPI has been very supportive of my research, and I hope they continue to do so.

Phuture Of Phishing: Presentation and code



 
 
Powered By Industrial Memetics
RSS2.0