The Phuture of Phishing

by: Billy Hoffman

Phishing, or the act of tricking a user into revealing confidential information, is a big business. In this presentation, we first discuss what phishing is and how it works. We examine the current tricks and techniques that phishers use to steal information such as CSS positioning, host obfuscation, and malware. Next we evaluate the pros and cons of current phishing defenses such as blacklisting, country reconciliation, and reputation systems. Then we discuss a coming trend in phishing attacks: using cross-site scripting (XSS) to embed a phishing site inside the victim website. Finally, we discuss how XSS/Phishing attacks circumvent most existing defenses, and we demonstrate a free defensive tool, LineBreaker, which can actively detect and stop these types of attacks.

SPI Dynamics is hosting Acidus's Toorcon presentation and is hosting his free defensive tool. The above summary isn't on the page yet, but you can download the source code/Jar of LineBreaker, and a PDF or Flash version of the presentation from the memed website. Acidus quoted Tom Cross in the presentation when discussing the offensive tool (which cannot be downloaded):

Tom Cross: This technology has no legitimate use.
I assure you that's a compliment. It's in reference to an offensive tool. Industrial Memetics is proud to have Billy around. Kudos to SPI Dynamics for supporting Billy's current research.

Phuture Of Phishing: Presentation and code