Applied Cryptography and Network Security [electronic resource] : Second International Conference, ACNS 2004, Yellow Mountain, China, June 8-11, 2004. Proceedings / edited by Markus Jakobsson, Moti Yung, Jianying Zhou
Edition [1st ed. 2004.]
Publication/distribution/printing Berlin, Heidelberg : Springer Berlin Heidelberg : Imprint: Springer, 2004
Physical description 1 online resource (XIII, 511 p.)
Discipline 005.8
Series Lecture Notes in Computer Science
Topical subject Cryptography
Data encryption (Computer science)
Computer networks
Operating systems (Computers)
Information storage and retrieval systems
Application software
Electronic data processing—Management
Cryptology
Computer Communication Networks
Operating Systems
Information Storage and Retrieval
Computer and Information Systems Applications
IT Operations
ISBN 9783540248528
3-540-24852-8
Format Printed material
Bibliographic level Monograph
Language of publication eng
Contents note Security and Storage -- CamouflageFS: Increasing the Effective Key Length in Cryptographic Filesystems on the Cheap -- Private Keyword-Based Push and Pull with Applications to Anonymous Communication -- Secure Conjunctive Keyword Search over Encrypted Data -- Provably Secure Constructions -- Evaluating Security of Voting Schemes in the Universal Composability Framework -- Verifiable Shuffles: A Formal Model and a Paillier-Based Efficient Construction with Provable Security -- On the Security of Cryptosystems with All-or-Nothing Transform -- Internet Security -- Centralized Management of Virtual Security Zones in IP Networks -- S-RIP: A Secure Distance Vector Routing Protocol -- A Pay-per-Use DoS Protection Mechanism for the Web -- Digital Signature -- Limited Verifier Signature from Bilinear Pairings -- Deniable Ring Authentication Revisited -- A Fully-Functional Group Signature Scheme over Only Known-Order Group -- Security Modelling -- Some Observations on Zap and Its Applications -- Security Measurements of Steganographic Systems -- X2Rep: Enhanced Trust Semantics for the XRep Protocol -- Authenticated Key Exchange -- One-Round Protocols for Two-Party Authenticated Key Exchange -- Password Authenticated Key Exchange Using Quadratic Residues -- Key Agreement Using Statically Keyed Authenticators -- Security of Deployed Systems -- Low-Latency Cryptographic Protection for SCADA Communications -- A Best Practice for Root CA Key Update in PKI -- SQLrand: Preventing SQL Injection Attacks -- Cryptosystems: Design and Analysis -- Cryptanalysis of a Knapsack Based Two-Lock Cryptosystem -- Success Probability in χ²-Attacks -- More Generalized Clock-Controlled Alternating Step Generator -- Cryptographic Protocols -- FDLKH: Fully Decentralized Key Management Scheme on Logical Key Hierarchy -- Unconditionally Non-interactive Verifiable Secret Sharing Secure against Faulty Majorities in the Commodity Based Model -- Cryptanalysis of Two Anonymous Buyer-Seller Watermarking Protocols and an Improvement for True Anonymity -- Side Channels and Protocol Analysis -- Security Analysis of CRT-Based Cryptosystems -- Cryptanalysis of the Countermeasures Using Randomized Binary Signed Digits -- Weaknesses of a Password-Authenticated Key Exchange Protocol between Clients with Different Passwords -- Intrusion Detection and DoS -- Advanced Packet Marking Mechanism with Pushback for IP Traceback -- A Parallel Intrusion Detection System for High-Speed Networks -- A Novel Framework for Alert Correlation and Understanding -- Cryptographic Algorithms -- An Improved Algorithm for uP+vQ Using JSF -- New Table Look-Up Methods for Faster Frobenius Map Based Scalar Multiplication Over GF(p^n) -- Batch Verification for Equality of Discrete Logarithms and Threshold Decryptions.
Record Nr. UNISA-996465428803316
Find it here: Univ. di Salerno
Applied Cryptography and Network Security [electronic resource] : Second International Conference, ACNS 2004, Yellow Mountain, China, June 8-11, 2004. Proceedings / edited by Markus Jakobsson, Moti Yung, Jianying Zhou
Edition [1st ed. 2004.]
Publication/distribution/printing Berlin, Heidelberg : Springer Berlin Heidelberg : Imprint: Springer, 2004
Physical description 1 online resource (XIII, 511 p.)
Discipline 005.8
Series Lecture Notes in Computer Science
Topical subject Cryptography
Data encryption (Computer science)
Computer networks
Operating systems (Computers)
Information storage and retrieval systems
Application software
Electronic data processing—Management
Cryptology
Computer Communication Networks
Operating Systems
Information Storage and Retrieval
Computer and Information Systems Applications
IT Operations
ISBN 9783540248528
3-540-24852-8
Format Printed material
Bibliographic level Monograph
Language of publication eng
Contents note Security and Storage -- CamouflageFS: Increasing the Effective Key Length in Cryptographic Filesystems on the Cheap -- Private Keyword-Based Push and Pull with Applications to Anonymous Communication -- Secure Conjunctive Keyword Search over Encrypted Data -- Provably Secure Constructions -- Evaluating Security of Voting Schemes in the Universal Composability Framework -- Verifiable Shuffles: A Formal Model and a Paillier-Based Efficient Construction with Provable Security -- On the Security of Cryptosystems with All-or-Nothing Transform -- Internet Security -- Centralized Management of Virtual Security Zones in IP Networks -- S-RIP: A Secure Distance Vector Routing Protocol -- A Pay-per-Use DoS Protection Mechanism for the Web -- Digital Signature -- Limited Verifier Signature from Bilinear Pairings -- Deniable Ring Authentication Revisited -- A Fully-Functional Group Signature Scheme over Only Known-Order Group -- Security Modelling -- Some Observations on Zap and Its Applications -- Security Measurements of Steganographic Systems -- X2Rep: Enhanced Trust Semantics for the XRep Protocol -- Authenticated Key Exchange -- One-Round Protocols for Two-Party Authenticated Key Exchange -- Password Authenticated Key Exchange Using Quadratic Residues -- Key Agreement Using Statically Keyed Authenticators -- Security of Deployed Systems -- Low-Latency Cryptographic Protection for SCADA Communications -- A Best Practice for Root CA Key Update in PKI -- SQLrand: Preventing SQL Injection Attacks -- Cryptosystems: Design and Analysis -- Cryptanalysis of a Knapsack Based Two-Lock Cryptosystem -- Success Probability in χ²-Attacks -- More Generalized Clock-Controlled Alternating Step Generator -- Cryptographic Protocols -- FDLKH: Fully Decentralized Key Management Scheme on Logical Key Hierarchy -- Unconditionally Non-interactive Verifiable Secret Sharing Secure against Faulty Majorities in the Commodity Based Model -- Cryptanalysis of Two Anonymous Buyer-Seller Watermarking Protocols and an Improvement for True Anonymity -- Side Channels and Protocol Analysis -- Security Analysis of CRT-Based Cryptosystems -- Cryptanalysis of the Countermeasures Using Randomized Binary Signed Digits -- Weaknesses of a Password-Authenticated Key Exchange Protocol between Clients with Different Passwords -- Intrusion Detection and DoS -- Advanced Packet Marking Mechanism with Pushback for IP Traceback -- A Parallel Intrusion Detection System for High-Speed Networks -- A Novel Framework for Alert Correlation and Understanding -- Cryptographic Algorithms -- An Improved Algorithm for uP+vQ Using JSF -- New Table Look-Up Methods for Faster Frobenius Map Based Scalar Multiplication Over GF(p^n) -- Batch Verification for Equality of Discrete Logarithms and Threshold Decryptions.
Record Nr. UNINA-9910144150803321
Find it here: Univ. Federico II
The death of the internet / edited by Markus Jakobsson
Edition [1st ed.]
Publication/distribution/printing Hoboken [New Jersey] : John Wiley & Sons, c2012
Physical description 1 online resource (387 p.)
Discipline 005.8
Other authors (Persons) Jakobsson, Markus
Topical subject Internet - Security measures
Electronic commerce - Security measures
Data protection
Computer crimes
ISBN 1-118-31254-6
1-280-99841-5
9786613770028
1-118-31253-8
1-118-31255-4
Classification COM053000
Format Printed material
Bibliographic level Monograph
Language of publication eng
Contents note Foreword xv -- Preface xvii -- Is the Title of this Book a Joke? xix -- Acknowledgments xxi -- Contributors xxiii -- Part I The Problem -- 1 What Could Kill the Internet? And so What? 3 -- 2 It is About People 7 -- 2.1 Human and Social Issues 7 / Markus Jakobsson -- 2.1.1 Nigerian Scams 8 -- 2.1.2 Password Reuse 9 -- 2.1.3 Phishing 11 -- 2.2 Who are the Criminals? 13 / Igor Bulavko -- 2.2.1 Who are they? 13 -- 2.2.2 Where are they? 14 -- 2.2.3 Deep-Dive: Taking a Look at Ex-Soviet Hackers 14 -- 2.2.4 Let's try to Find Parallels in the World we Live in 16 -- 2.2.5 Crime and Punishment? 16 -- 3 How Criminals Profit 19 -- 3.1 Online Advertising Fraud 20 / Nevena Vratonjic, Mohammad Hossein Manshaei, and Jean-Pierre Hubaux -- 3.1.1 Advertising on the Internet 20 -- 3.1.2 Exploits of Online Advertising Systems 23 -- 3.1.3 Click Fraud 25 -- 3.1.4 Malvertising: Spreading Malware via Ads 31 -- 3.1.5 Inflight Modification of Ad Traffic 32 -- 3.1.6 Adware: Unsolicited Software Ads 34 -- 3.1.7 Conclusion 35 -- 3.2 Toeing the Line: Legal but Deceptive Service Offers 35 / Markus Jakobsson and Ruilin Zhu -- 3.2.1 How Does it Work? 36 -- 3.2.2 What do they Earn? 36 -- 3.3 Phishing and Some Related Attacks 38 / Markus Jakobsson and William Leddy -- 3.3.1 The Problem is the User 38 -- 3.3.2 Phishing 38 -- 3.3.3 Man-in-the-Middle 39 -- 3.3.4 Man-in-the-Browser 40 -- 3.3.5 New Attack: Man-in-the-Screen 41 -- 3.4 Malware: Current Outlook 42 -- Members of the BITS Security Working Group and staff leads Greg Rattray and Andrew Kennedy -- 3.4.1 Malware Evolution 42 -- 3.4.2 Malware Supply and Demand 48 -- 3.5 Monetization 53 / Markus Jakobsson -- 3.5.1 There is Money Everywhere 53 -- 4 How Things Work and Fail 57 -- 4.1 Online Advertising: With Secret Security 58 / Markus Jakobsson -- 4.1.1 What is a Click? 58 -- 4.1.2 How Secret Filters are Evaluated 60 -- 4.1.3 What do Fraudsters Know? 62 -- 4.2 Web Security Remediation Efforts 63 / Jeff Hodges and Andy Steingruebl.
4.2.1 Introduction 63 -- 4.2.2 The Multitude of Web Browser Security Mechanisms 64 -- 4.2.3 Where do we go from Here? 75 -- 4.3 Content-Sniffing XSS Attacks: XSS with Non-HTML Content 75 / Juan Caballero, Adam Barth, and Dawn Song -- 4.3.1 Introduction 75 -- 4.3.2 Content-Sniffing XSS Attacks 77 -- 4.3.3 Defenses 84 -- 4.3.4 Conclusion 89 -- 4.4 Our Internet Infrastructure at Risk 89 / Garth Bruen -- 4.4.1 Introduction 89 -- 4.4.2 The Political Structure 90 -- 4.4.3 The Domain 92 -- 4.4.4 WHOIS: Ownership and Technical Records 94 -- 4.4.5 Registrars: Sponsors of Domain Names 96 -- 4.4.6 Registries: Sponsors of Domain Extensions 97 -- 4.4.7 CCTLDs: The Sovereign Domain Extensions 99 -- 4.4.8 ICANN: The Main Internet Policy Body 100 -- 4.4.9 Conclusion 102 -- 4.5 Social Spam 103 / Dimitar Nikolov and Filippo Menczer -- 4.5.1 Introduction 103 -- 4.5.2 Motivations for Spammers 105 -- 4.5.3 Case Study: Spam in the GiveALink Bookmarking System 108 -- 4.5.4 Web Pollution 114 -- 4.5.5 The Changing Nature of Social Spam: Content Farms 116 -- 4.5.6 Conclusion 117 -- 4.6 Understanding CAPTCHAs and Their Weaknesses 117 / Elie Bursztein -- 4.6.1 What is a Captcha? 117 -- 4.6.2 Types of Captchas 118 -- 4.6.3 Evaluating Captcha Attack Effectiveness 118 -- 4.6.4 Design of Captchas 119 -- 4.6.5 Automated Attacks 124 -- 4.6.6 Crowd-Sourcing: Using Humans to Break Captchas 127 -- 4.7 Security Questions 131 / Ariel Rabkin -- 4.7.1 Overview 131 -- 4.7.2 Vulnerabilities 134 -- 4.7.3 Variants and Possible Defenses 138 -- 4.7.4 Conclusion 139 -- 4.8 Folk Models of Home Computer Security 140 / Rick Wash and Emilee Rader -- 4.8.1 The Relationship Between Folk Models and Security 140 -- 4.8.2 Folk Models of Viruses and Other Malware 142 -- 4.8.3 Folk Models of Hackers and Break-Ins 146 -- 4.8.4 Following Security Advice 149 -- 4.8.5 Lessons Learned 153 -- 4.9 Detecting and Defeating Interception Attacks Against SSL 154 / Christopher Soghoian and Sid Stamm -- 4.9.1 Introduction 154.
4.9.2 Certificate Authorities and the Browser Vendors 155 -- 4.9.3 Big Brother in the Browser 157 -- 4.9.4 Compelled Assistance 158 -- 4.9.5 Surveillance Appliances 159 -- 4.9.6 Protecting Users 160 -- 4.9.7 Threat Model Analysis 163 -- 4.9.8 Related Work 166 -- 4.9.9 Conclusion 168 -- 5 The Mobile Problem 169 -- 5.1 Phishing on Mobile Devices 169 / Adrienne Porter Felt and David Wagner -- 5.1.1 The Mobile Phishing Threat 170 -- 5.1.2 Common Control Transfers 172 -- 5.1.3 Phishing Attacks 178 -- 5.1.4 Web Sender⇒Mobile Target 182 -- 5.1.5 Web Sender⇒Web Target 184 -- 5.1.6 Attack Prevention 185 -- 5.2 Why Mobile Malware will Explode 185 / Markus Jakobsson and Mark Grandcolas -- 5.2.1 Nineteen Eighty-Six: When it all Started 186 -- 5.2.2 A Glimpse of Users 186 -- 5.2.3 Why Market Size Matters 186 -- 5.2.4 Financial Trends 187 -- 5.2.5 Mobile Malware Outlook 187 -- 5.3 Tapjacking: Stealing Clicks on Mobile Devices 189 / Gustav Rydstedt, Baptiste Gourdin, Elie Bursztein, and Dan Boneh -- 5.3.1 Framing Attacks 189 -- 5.3.2 Phone Tapjacking 191 -- 5.3.3 Framing Facebook 194 -- 5.3.4 Summary and Recommendations 195 -- 6 The Internet and the Physical World 197 -- 6.1 Malware-Enabled Wireless Tracking Networks 197 / Nathaniel Husted and Steven Myers -- 6.1.1 Introduction 198 -- 6.1.2 The Anatomy of a Modern Smartphone 199 -- 6.1.3 Mobile Tracking Networks: A Threat to Smartphones 200 -- 6.1.4 Conclusion 219 -- 6.2 Social Networking Leaks 219 / Mayank Dhiman and Markus Jakobsson -- 6.2.1 Introduction 220 -- 6.2.2 Motivations for Using Social Networking Sites 220 -- 6.2.3 Trust and Privacy 221 -- 6.2.4 Known Issues 222 -- 6.2.5 Case Study: Social Networking Leaks in the Physical World 225 -- 6.3 Abuse of Social Media and Political Manipulation 231 / Bruno Gonçalves, Michael Conover, and Filippo Menczer -- 6.3.1 The Rise of Online Grassroots Political Movements 231 -- 6.3.2 Spam and Astroturfing 232 -- 6.3.3 Deceptive Tactics 233 -- 6.3.4 The Truthy System for Astroturf Detection 236.
6.3.5 Discussion 240 -- Part II Thinking About Solutions -- 7 Solutions to the Problem 245 -- 7.1 When and How to Authenticate 245 / Richard Chow, Elaine Shi, Markus Jakobsson, Philippe Golle, Ryusuke Masuoka, Jesus Molina, Yuan Niu, and Jeff Song -- 7.1.1 Problem Description 246 -- 7.1.2 Use Cases 247 -- 7.1.3 System Architecture 248 -- 7.1.4 User Privacy 250 -- 7.1.5 Machine Learning/Algorithms 250 -- 7.1.6 User Study 252 -- 7.2 Fastwords: Adapting Passwords to Constrained Keyboards 255 / Markus Jakobsson and Ruj Akavipat -- 7.2.1 The Principles Behind Fastwords 256 -- 7.2.2 Basic Feature Set 258 -- 7.2.3 Extended Feature Set 260 -- 7.2.4 Sample Stories and Frequencies 261 -- 7.2.5 Recall Rates 262 -- 7.2.6 Security Analysis 264 -- 7.2.7 The Security of Passwords 264 -- 7.2.8 Entry Speed 268 -- 7.2.9 Implementation of Fastword Entry 270 -- 7.2.10 Conclusion 271 -- 7.3 Deriving PINs from Passwords 271 / Markus Jakobsson and Debin Liu -- 7.3.1 Introduction 272 -- 7.3.2 A Brief Discussion of Passwords 273 -- 7.3.3 How to Derive PINs from Passwords 274 -- 7.3.4 Analysis of Passwords and Derived PINs 275 -- 7.3.5 Security Analysis 278 -- 7.3.6 Usability Experiments 280 -- 7.4 Visual Preference Authentication 282 / Yuan Niu, Markus Jakobsson, Gustav Rydstedt, and Dahn Tamir -- 7.4.1 Password Resets 282 -- 7.4.2 Security Questions Aren't so Secure 283 -- 7.4.3 What is Visual Preference-Based Authentication 283 -- 7.4.4 Evaluating Visual Preference-Based Authentication 285 -- 7.4.5 Case Study: Visual Blue Moon Authentication 286 -- 7.4.6 Conclusion 290 -- 7.5 The Deadly Sins of Security User Interfaces 290 / Nathan Good -- 7.5.1 Security Applications with Frustrating User Interfaces 291 -- 7.5.2 The Four Sins of Security Application User Interfaces 293 -- 7.5.3 Consumer Choice: A Security Bugbear 293 -- 7.5.4 Security by Verbosity 299 -- 7.5.5 Walls of Checkboxes 300 -- 7.5.6 All or Nothing Switch 302 -- 7.5.7 Conclusion 304 -- 7.6 SpoofKiller-Let's Kiss Spoofing Goodbye! 304 / Markus Jakobsson and William Leddy.
7.6.1 A Key to the Solution: Interrupts 305 -- 7.6.2 Why can the User Log in to Good Sites, but not Bad Ones? 305 -- 7.6.3 What About Sites that are Good . . . but not Certified Good? 308 -- 7.6.4 SpoofKiller: Under the Hood 309 -- 7.6.5 Say we Implement SpoofKiller-then What? 311 -- 7.7 Device Identification and Intelligence 312 / Ori Eisen -- 7.7.1 1995-2001: The Early Years of Device Identification 313 -- 7.7.2 2001-2008 Tagless Device Identification Begins 314 -- 7.7.3 2008-Present: Private Browsing and Beyond 319 -- 7.8 How can we Determine if a Device is Infected or not? 323 / Aurélien Francillon, Markus Jakobsson, and Adrian Perrig -- 7.8.1 Why Detection is Difficult 323 -- 7.8.2 Setting up an Isolated Environment 324 -- 7.8.3 What Could go Wrong? 326 -- 7.8.4 Brief Comparison with TrustZone 328 -- 7.8.5 Summary 328 -- 8 The Future 331 -- 8.1 Security Needs the Best User Experience 332 / Hampus Jakobsson -- 8.1.1 How the User Won Over Features 332 -- 8.1.2 So How Come the iPhone Became so Successful? 332 -- 8.1.3 A World of Information Anywhere 333 -- 8.1.4 Midas' Touch Screens 334 -- 8.1.5 New Input, New Opportunities 335 -- 8.1.6 Zero-Click and Real-Life User Interfaces 335 -- 8.1.7 Privacy and User Interfaces 336 -- 8.1.8 It all Comes Together 336 -- 8.2 Fraud and the Future 336 / Markus Jakobsson -- References 339 -- Index 359.
Record Nr. UNINA-9910138873603321
Find it here: Univ. Federico II
The death of the internet / edited by Markus Jakobsson
Edition [1st ed.]
Publication/distribution/printing Hoboken [New Jersey] : John Wiley & Sons, c2012
Physical description 1 online resource (387 p.)
Discipline 005.8
Other authors (Persons) Jakobsson, Markus
Topical subject Internet - Security measures
Electronic commerce - Security measures
Data protection
Computer crimes
ISBN 1-118-31254-6
1-280-99841-5
9786613770028
1-118-31253-8
1-118-31255-4
Classification COM053000
Format Printed material
Bibliographic level Monograph
Language of publication eng
Contents note Foreword xv -- Preface xvii -- Is the Title of this Book a Joke? xix -- Acknowledgments xxi -- Contributors xxiii -- Part I The Problem -- 1 What Could Kill the Internet? And so What? 3 -- 2 It is About People 7 -- 2.1 Human and Social Issues 7 / Markus Jakobsson -- 2.1.1 Nigerian Scams 8 -- 2.1.2 Password Reuse 9 -- 2.1.3 Phishing 11 -- 2.2 Who are the Criminals? 13 / Igor Bulavko -- 2.2.1 Who are they? 13 -- 2.2.2 Where are they? 14 -- 2.2.3 Deep-Dive: Taking a Look at Ex-Soviet Hackers 14 -- 2.2.4 Let's try to Find Parallels in the World we Live in 16 -- 2.2.5 Crime and Punishment? 16 -- 3 How Criminals Profit 19 -- 3.1 Online Advertising Fraud 20 / Nevena Vratonjic, Mohammad Hossein Manshaei, and Jean-Pierre Hubaux -- 3.1.1 Advertising on the Internet 20 -- 3.1.2 Exploits of Online Advertising Systems 23 -- 3.1.3 Click Fraud 25 -- 3.1.4 Malvertising: Spreading Malware via Ads 31 -- 3.1.5 Inflight Modification of Ad Traffic 32 -- 3.1.6 Adware: Unsolicited Software Ads 34 -- 3.1.7 Conclusion 35 -- 3.2 Toeing the Line: Legal but Deceptive Service Offers 35 / Markus Jakobsson and Ruilin Zhu -- 3.2.1 How Does it Work? 36 -- 3.2.2 What do they Earn? 36 -- 3.3 Phishing and Some Related Attacks 38 / Markus Jakobsson and William Leddy -- 3.3.1 The Problem is the User 38 -- 3.3.2 Phishing 38 -- 3.3.3 Man-in-the-Middle 39 -- 3.3.4 Man-in-the-Browser 40 -- 3.3.5 New Attack: Man-in-the-Screen 41 -- 3.4 Malware: Current Outlook 42 -- Members of the BITS Security Working Group and staff leads Greg Rattray and Andrew Kennedy -- 3.4.1 Malware Evolution 42 -- 3.4.2 Malware Supply and Demand 48 -- 3.5 Monetization 53 / Markus Jakobsson -- 3.5.1 There is Money Everywhere 53 -- 4 How Things Work and Fail 57 -- 4.1 Online Advertising: With Secret Security 58 / Markus Jakobsson -- 4.1.1 What is a Click? 58 -- 4.1.2 How Secret Filters are Evaluated 60 -- 4.1.3 What do Fraudsters Know? 62 -- 4.2 Web Security Remediation Efforts 63 / Jeff Hodges and Andy Steingruebl.
4.2.1 Introduction 63 -- 4.2.2 The Multitude of Web Browser Security Mechanisms 64 -- 4.2.3 Where do we go from Here? 75 -- 4.3 Content-Sniffing XSS Attacks: XSS with Non-HTML Content 75 / Juan Caballero, Adam Barth, and Dawn Song -- 4.3.1 Introduction 75 -- 4.3.2 Content-Sniffing XSS Attacks 77 -- 4.3.3 Defenses 84 -- 4.3.4 Conclusion 89 -- 4.4 Our Internet Infrastructure at Risk 89 / Garth Bruen -- 4.4.1 Introduction 89 -- 4.4.2 The Political Structure 90 -- 4.4.3 The Domain 92 -- 4.4.4 WHOIS: Ownership and Technical Records 94 -- 4.4.5 Registrars: Sponsors of Domain Names 96 -- 4.4.6 Registries: Sponsors of Domain Extensions 97 -- 4.4.7 CCTLDs: The Sovereign Domain Extensions 99 -- 4.4.8 ICANN: The Main Internet Policy Body 100 -- 4.4.9 Conclusion 102 -- 4.5 Social Spam 103 / Dimitar Nikolov and Filippo Menczer -- 4.5.1 Introduction 103 -- 4.5.2 Motivations for Spammers 105 -- 4.5.3 Case Study: Spam in the GiveALink Bookmarking System 108 -- 4.5.4 Web Pollution 114 -- 4.5.5 The Changing Nature of Social Spam: Content Farms 116 -- 4.5.6 Conclusion 117 -- 4.6 Understanding CAPTCHAs and Their Weaknesses 117 / Elie Bursztein -- 4.6.1 What is a Captcha? 117 -- 4.6.2 Types of Captchas 118 -- 4.6.3 Evaluating Captcha Attack Effectiveness 118 -- 4.6.4 Design of Captchas 119 -- 4.6.5 Automated Attacks 124 -- 4.6.6 Crowd-Sourcing: Using Humans to Break Captchas 127 -- 4.7 Security Questions 131 / Ariel Rabkin -- 4.7.1 Overview 131 -- 4.7.2 Vulnerabilities 134 -- 4.7.3 Variants and Possible Defenses 138 -- 4.7.4 Conclusion 139 -- 4.8 Folk Models of Home Computer Security 140 / Rick Wash and Emilee Rader -- 4.8.1 The Relationship Between Folk Models and Security 140 -- 4.8.2 Folk Models of Viruses and Other Malware 142 -- 4.8.3 Folk Models of Hackers and Break-Ins 146 -- 4.8.4 Following Security Advice 149 -- 4.8.5 Lessons Learned 153 -- 4.9 Detecting and Defeating Interception Attacks Against SSL 154 / Christopher Soghoian and Sid Stamm -- 4.9.1 Introduction 154.
4.9.2 Certificate Authorities and the Browser Vendors 155 -- 4.9.3 Big Brother in the Browser 157 -- 4.9.4 Compelled Assistance 158 -- 4.9.5 Surveillance Appliances 159 -- 4.9.6 Protecting Users 160 -- 4.9.7 Threat Model Analysis 163 -- 4.9.8 Related Work 166 -- 4.9.9 Conclusion 168 -- 5 The Mobile Problem 169 -- 5.1 Phishing on Mobile Devices 169 / Adrienne Porter Felt and David Wagner -- 5.1.1 The Mobile Phishing Threat 170 -- 5.1.2 Common Control Transfers 172 -- 5.1.3 Phishing Attacks 178 -- 5.1.4 Web Sender⇒Mobile Target 182 -- 5.1.5 Web Sender⇒Web Target 184 -- 5.1.6 Attack Prevention 185 -- 5.2 Why Mobile Malware will Explode 185 / Markus Jakobsson and Mark Grandcolas -- 5.2.1 Nineteen Eighty-Six: When it all Started 186 -- 5.2.2 A Glimpse of Users 186 -- 5.2.3 Why Market Size Matters 186 -- 5.2.4 Financial Trends 187 -- 5.2.5 Mobile Malware Outlook 187 -- 5.3 Tapjacking: Stealing Clicks on Mobile Devices 189 / Gustav Rydstedt, Baptiste Gourdin, Elie Bursztein, and Dan Boneh -- 5.3.1 Framing Attacks 189 -- 5.3.2 Phone Tapjacking 191 -- 5.3.3 Framing Facebook 194 -- 5.3.4 Summary and Recommendations 195 -- 6 The Internet and the Physical World 197 -- 6.1 Malware-Enabled Wireless Tracking Networks 197 / Nathaniel Husted and Steven Myers -- 6.1.1 Introduction 198 -- 6.1.2 The Anatomy of a Modern Smartphone 199 -- 6.1.3 Mobile Tracking Networks: A Threat to Smartphones 200 -- 6.1.4 Conclusion 219 -- 6.2 Social Networking Leaks 219 / Mayank Dhiman and Markus Jakobsson -- 6.2.1 Introduction 220 -- 6.2.2 Motivations for Using Social Networking Sites 220 -- 6.2.3 Trust and Privacy 221 -- 6.2.4 Known Issues 222 -- 6.2.5 Case Study: Social Networking Leaks in the Physical World 225 -- 6.3 Abuse of Social Media and Political Manipulation 231 / Bruno Gonçalves, Michael Conover, and Filippo Menczer -- 6.3.1 The Rise of Online Grassroots Political Movements 231 -- 6.3.2 Spam and Astroturfing 232 -- 6.3.3 Deceptive Tactics 233 -- 6.3.4 The Truthy System for Astroturf Detection 236.
6.3.5 Discussion 240 -- Part II Thinking About Solutions -- 7 Solutions to the Problem 245 -- 7.1 When and How to Authenticate 245 / Richard Chow, Elaine Shi, Markus Jakobsson, Philippe Golle, Ryusuke Masuoka, Jesus Molina, Yuan Niu, and Jeff Song -- 7.1.1 Problem Description 246 -- 7.1.2 Use Cases 247 -- 7.1.3 System Architecture 248 -- 7.1.4 User Privacy 250 -- 7.1.5 Machine Learning/Algorithms 250 -- 7.1.6 User Study 252 -- 7.2 Fastwords: Adapting Passwords to Constrained Keyboards 255 / Markus Jakobsson and Ruj Akavipat -- 7.2.1 The Principles Behind Fastwords 256 -- 7.2.2 Basic Feature Set 258 -- 7.2.3 Extended Feature Set 260 -- 7.2.4 Sample Stories and Frequencies 261 -- 7.2.5 Recall Rates 262 -- 7.2.6 Security Analysis 264 -- 7.2.7 The Security of Passwords 264 -- 7.2.8 Entry Speed 268 -- 7.2.9 Implementation of Fastword Entry 270 -- 7.2.10 Conclusion 271 -- 7.3 Deriving PINs from Passwords 271 / Markus Jakobsson and Debin Liu -- 7.3.1 Introduction 272 -- 7.3.2 A Brief Discussion of Passwords 273 -- 7.3.3 How to Derive PINs from Passwords 274 -- 7.3.4 Analysis of Passwords and Derived PINs 275 -- 7.3.5 Security Analysis 278 -- 7.3.6 Usability Experiments 280 -- 7.4 Visual Preference Authentication 282 / Yuan Niu, Markus Jakobsson, Gustav Rydstedt, and Dahn Tamir -- 7.4.1 Password Resets 282 -- 7.4.2 Security Questions Aren't so Secure 283 -- 7.4.3 What is Visual Preference-Based Authentication 283 -- 7.4.4 Evaluating Visual Preference-Based Authentication 285 -- 7.4.5 Case Study: Visual Blue Moon Authentication 286 -- 7.4.6 Conclusion 290 -- 7.5 The Deadly Sins of Security User Interfaces 290 / Nathan Good -- 7.5.1 Security Applications with Frustrating User Interfaces 291 -- 7.5.2 The Four Sins of Security Application User Interfaces 293 -- 7.5.3 Consumer Choice: A Security Bugbear 293 -- 7.5.4 Security by Verbosity 299 -- 7.5.5 Walls of Checkboxes 300 -- 7.5.6 All or Nothing Switch 302 -- 7.5.7 Conclusion 304 -- 7.6 SpoofKiller-Let's Kiss Spoofing Goodbye! 304 / Markus Jakobsson and William Leddy.
7.6.1 A Key to the Solution: Interrupts 305 -- 7.6.2 Why can the User Log in to Good Sites, but not Bad Ones? 305 -- 7.6.3 What About Sites that are Good . . . but not Certified Good? 308 -- 7.6.4 SpoofKiller: Under the Hood 309 -- 7.6.5 Say we Implement SpoofKiller-then What? 311 -- 7.7 Device Identification and Intelligence 312 / Ori Eisen -- 7.7.1 1995-2001: The Early Years of Device Identification 313 -- 7.7.2 2001-2008 Tagless Device Identification Begins 314 -- 7.7.3 2008-Present: Private Browsing and Beyond 319 -- 7.8 How can we Determine if a Device is Infected or not? 323 / Aurélien Francillon, Markus Jakobsson, and Adrian Perrig -- 7.8.1 Why Detection is Difficult 323 -- 7.8.2 Setting up an Isolated Environment 324 -- 7.8.3 What Could go Wrong? 326 -- 7.8.4 Brief Comparison with TrustZone 328 -- 7.8.5 Summary 328 -- 8 The Future 331 -- 8.1 Security Needs the Best User Experience 332 / Hampus Jakobsson -- 8.1.1 How the User Won Over Features 332 -- 8.1.2 So How Come the iPhone Became so Successful? 332 -- 8.1.3 A World of Information Anywhere 333 -- 8.1.4 Midas' Touch Screens 334 -- 8.1.5 New Input, New Opportunities 335 -- 8.1.6 Zero-Click and Real-Life User Interfaces 335 -- 8.1.7 Privacy and User Interfaces 336 -- 8.1.8 It all Comes Together 336 -- 8.2 Fraud and the Future 336 / Markus Jakobsson -- References 339 -- Index 359.
Record Nr. UNINA-9910810416403321
Find it here: Univ. Federico II
Financial Cryptography and Data Security [electronic resource] : FC 2017 International Workshops, WAHC, BITCOIN, VOTING, WTSC, and TA, Sliema, Malta, April 7, 2017, Revised Selected Papers / edited by Michael Brenner, Kurt Rohloff, Joseph Bonneau, Andrew Miller, Peter Y.A. Ryan, Vanessa Teague, Andrea Bracciali, Massimiliano Sala, Federico Pintore, Markus Jakobsson
Edition [1st ed. 2017.]
Publication/distribution/printing Cham : Springer International Publishing : Imprint: Springer, 2017
Physical description 1 online resource (XXII, 636 p. 97 illus.)
Discipline 005.82
Series Security and Cryptology
Topical subject Computer security
Data encryption (Computer science)
Computers
Computer organization
Artificial intelligence
Systems and Data Security
Cryptology
Information Systems and Communication Service
Computing Milieux
Computer Systems Organization and Communication Networks
Artificial Intelligence
ISBN 3-319-70278-5
Format Printed material
Bibliographic level Monograph
Language of publication eng
Contents note Encrypted Computing and Applied Homomorphic Cryptography -- Bitcoin and Blockchain Research -- Secure Voting Systems -- Trusted Smart Contracts -- Targeted Attacks.
Record Nr. UNINA-9910483725803321
Find it here: Univ. Federico II
Financial Cryptography and Data Security [electronic resource] : FC 2017 International Workshops, WAHC, BITCOIN, VOTING, WTSC, and TA, Sliema, Malta, April 7, 2017, Revised Selected Papers / edited by Michael Brenner, Kurt Rohloff, Joseph Bonneau, Andrew Miller, Peter Y.A. Ryan, Vanessa Teague, Andrea Bracciali, Massimiliano Sala, Federico Pintore, Markus Jakobsson
Edition [1st ed. 2017.]
Publication/distribution/printing Cham : Springer International Publishing : Imprint: Springer, 2017
Physical description 1 online resource (XXII, 636 p. 97 illus.)
Discipline 005.82
Series Security and Cryptology
Topical subject Computer security
Data encryption (Computer science)
Computers
Computer organization
Artificial intelligence
Systems and Data Security
Cryptology
Information Systems and Communication Service
Computing Milieux
Computer Systems Organization and Communication Networks
Artificial Intelligence
ISBN 3-319-70278-5
Format Printed material
Bibliographic level Monograph
Language of publication eng
Contents note Encrypted Computing and Applied Homomorphic Cryptography -- Bitcoin and Blockchain Research -- Secure Voting Systems -- Trusted Smart Contracts -- Targeted Attacks.
Record No. UNISA-996466459803316
Find it here: Univ. di Salerno
Phishing and countermeasures [electronic resource] : understanding the increasing problem of electronic identity theft / edited by Markus Jakobsson, Steven Myers
Publication/distribution/printing Hoboken, N.J. : Wiley-Interscience, c2007
Physical description 1 online resource (730 p.)
Discipline 005.9
364.163
Other authors (Persons) Jakobsson, Markus
Myers, Steven <1975->
Topical subject Phishing
Identity theft - Prevention
Computer security
Genre/form subject Electronic books.
ISBN 1-280-82196-5
9786610821969
0-470-08610-6
0-470-08609-2
Format Printed material
Bibliographic level Monograph
Language of publication eng
Contents note Phishing and Countermeasures; CONTENTS; Preface; Acknowledgements; 1 Introduction to Phishing; 1.1 What is Phishing?; 1.2 A Brief History of Phishing; 1.3 The Costs to Society of Phishing; 1.4 A Typical Phishing Attack; 1.4.1 Phishing Example: America's Credit Unions; 1.4.2 Phishing Example: PayPal; 1.4.3 Making the Lure Convincing; 1.4.4 Setting The Hook; 1.4.5 Making the Hook Convincing; 1.4.6 The Catch; 1.4.7 Take-Down and Related Technologies; 1.5 Evolution of Phishing; 1.6 Case Study: Phishing on Froogle; 1.7 Protecting Users from Phishing; References
2 Phishing Attacks: Information Flow and Chokepoints; 2.1 Types of Phishing Attacks; 2.1.1 Deceptive Phishing; 2.1.2 Malware-Based Phishing; 2.1.3 DNS-Based Phishing ("Pharming"); 2.1.4 Content-Injection Phishing; 2.1.5 Man-in-the-Middle Phishing; 2.1.6 Search Engine Phishing; 2.2 Technology, Chokepoints, and Countermeasures; 2.2.1 Step 0: Preventing a Phishing Attack Before It Begins; 2.2.2 Step 1: Preventing Delivery of Phishing Payload; 2.2.3 Step 2: Preventing or Disrupting a User Action; 2.2.4 Steps 2 and 4: Prevent Navigation and Data Compromise
2.2.5 Step 3: Preventing Transmission of the Prompt; 2.2.6 Step 4: Preventing Transmission of Confidential Information; 2.2.7 Steps 4 and 6: Preventing Data Entry and Rendering It Useless; 2.2.8 Step 5: Tracing Transmission of Compromised Credentials; 2.2.9 Step 6: Interfering with the Use of Compromised Information; 2.2.10 Step 7: Interfering with the Financial Benefit; References; 3 Spoofing and Countermeasures; 3.1 Email Spoofing; 3.1.1 Filtering; 3.1.2 Whitelisting and Greylisting; 3.1.3 Anti-spam Proposals; 3.1.4 User Education; 3.2 IP Spoofing; 3.2.1 IP Traceback
3.2.2 IP Spoofing Prevention; 3.2.3 Intradomain Spoofing; 3.3 Homograph Attacks Using Unicode; 3.3.1 Homograph Attacks; 3.3.2 Similar Unicode String Generation; 3.3.3 Methodology of Homograph Attack Detection; 3.4 Simulated Browser Attack; 3.4.1 Using the Illusion; 3.4.2 Web Spoofing; 3.4.3 SSL and Web Spoofing; 3.4.4 Ensnaring the User; 3.4.5 SpoofGuard Versus the Simulated Browser Attack; 3.5 Case Study: Warning the User About Active Web Spoofing; References; 4 Pharming and Client Side Attacks; 4.1 Malware; 4.1.1 Viruses and Worms; 4.1.2 Spyware; 4.1.3 Adware; 4.1.4 Browser Hijackers
4.1.5 Keyloggers; 4.1.6 Trojan Horses; 4.1.7 Rootkits; 4.1.8 Session Hijackers; 4.2 Malware Defense Strategies; 4.2.1 Defense Against Worms and Viruses; 4.2.2 Defense Against Spyware and Keyloggers; 4.2.3 Defense Against Rootkits; 4.3 Pharming; 4.3.1 Overview of DNS; 4.3.2 Role of DNS in Pharming; 4.3.3 Defense Against Pharming; 4.4 Case Study: Pharming with Appliances; 4.4.1 A Different Phishing Strategy; 4.4.2 The Spoof: A Home Pharming Appliance; 4.4.3 Sustainability of Distribution in the Online Marketplace; 4.4.4 Countermeasures; 4.5 Case Study: Race-Pharming; 4.5.1 Technical Description
4.5.2 Detection and Countermeasures
Record No. UNINA-9910143417103321
Find it here: Univ. Federico II
Phishing and countermeasures [electronic resource] : understanding the increasing problem of electronic identity theft / edited by Markus Jakobsson, Steven Myers
Publication/distribution/printing Hoboken, N.J. : Wiley-Interscience, c2007
Physical description 1 online resource (730 p.)
Discipline 005.9
364.163
Other authors (Persons) Jakobsson, Markus
Myers, Steven <1975->
Topical subject Phishing
Identity theft - Prevention
Computer security
ISBN 1-280-82196-5
9786610821969
0-470-08610-6
0-470-08609-2
Format Printed material
Bibliographic level Monograph
Language of publication eng
Contents note Phishing and Countermeasures; CONTENTS; Preface; Acknowledgements; 1 Introduction to Phishing; 1.1 What is Phishing?; 1.2 A Brief History of Phishing; 1.3 The Costs to Society of Phishing; 1.4 A Typical Phishing Attack; 1.4.1 Phishing Example: America's Credit Unions; 1.4.2 Phishing Example: PayPal; 1.4.3 Making the Lure Convincing; 1.4.4 Setting The Hook; 1.4.5 Making the Hook Convincing; 1.4.6 The Catch; 1.4.7 Take-Down and Related Technologies; 1.5 Evolution of Phishing; 1.6 Case Study: Phishing on Froogle; 1.7 Protecting Users from Phishing; References
2 Phishing Attacks: Information Flow and Chokepoints; 2.1 Types of Phishing Attacks; 2.1.1 Deceptive Phishing; 2.1.2 Malware-Based Phishing; 2.1.3 DNS-Based Phishing ("Pharming"); 2.1.4 Content-Injection Phishing; 2.1.5 Man-in-the-Middle Phishing; 2.1.6 Search Engine Phishing; 2.2 Technology, Chokepoints, and Countermeasures; 2.2.1 Step 0: Preventing a Phishing Attack Before It Begins; 2.2.2 Step 1: Preventing Delivery of Phishing Payload; 2.2.3 Step 2: Preventing or Disrupting a User Action; 2.2.4 Steps 2 and 4: Prevent Navigation and Data Compromise
2.2.5 Step 3: Preventing Transmission of the Prompt; 2.2.6 Step 4: Preventing Transmission of Confidential Information; 2.2.7 Steps 4 and 6: Preventing Data Entry and Rendering It Useless; 2.2.8 Step 5: Tracing Transmission of Compromised Credentials; 2.2.9 Step 6: Interfering with the Use of Compromised Information; 2.2.10 Step 7: Interfering with the Financial Benefit; References; 3 Spoofing and Countermeasures; 3.1 Email Spoofing; 3.1.1 Filtering; 3.1.2 Whitelisting and Greylisting; 3.1.3 Anti-spam Proposals; 3.1.4 User Education; 3.2 IP Spoofing; 3.2.1 IP Traceback
3.2.2 IP Spoofing Prevention; 3.2.3 Intradomain Spoofing; 3.3 Homograph Attacks Using Unicode; 3.3.1 Homograph Attacks; 3.3.2 Similar Unicode String Generation; 3.3.3 Methodology of Homograph Attack Detection; 3.4 Simulated Browser Attack; 3.4.1 Using the Illusion; 3.4.2 Web Spoofing; 3.4.3 SSL and Web Spoofing; 3.4.4 Ensnaring the User; 3.4.5 SpoofGuard Versus the Simulated Browser Attack; 3.5 Case Study: Warning the User About Active Web Spoofing; References; 4 Pharming and Client Side Attacks; 4.1 Malware; 4.1.1 Viruses and Worms; 4.1.2 Spyware; 4.1.3 Adware; 4.1.4 Browser Hijackers
4.1.5 Keyloggers; 4.1.6 Trojan Horses; 4.1.7 Rootkits; 4.1.8 Session Hijackers; 4.2 Malware Defense Strategies; 4.2.1 Defense Against Worms and Viruses; 4.2.2 Defense Against Spyware and Keyloggers; 4.2.3 Defense Against Rootkits; 4.3 Pharming; 4.3.1 Overview of DNS; 4.3.2 Role of DNS in Pharming; 4.3.3 Defense Against Pharming; 4.4 Case Study: Pharming with Appliances; 4.4.1 A Different Phishing Strategy; 4.4.2 The Spoof: A Home Pharming Appliance; 4.4.3 Sustainability of Distribution in the Online Marketplace; 4.4.4 Countermeasures; 4.5 Case Study: Race-Pharming; 4.5.1 Technical Description
4.5.2 Detection and Countermeasures
Record No. UNINA-9910830161303321
Find it here: Univ. Federico II
Phishing and countermeasures [electronic resource] : understanding the increasing problem of electronic identity theft / edited by Markus Jakobsson, Steven Myers
Publication/distribution/printing Hoboken, N.J. : Wiley-Interscience, c2007
Physical description 1 online resource (730 p.)
Discipline 005.9
364.163
Other authors (Persons) Jakobsson, Markus
Myers, Steven <1975->
Topical subject Phishing
Identity theft - Prevention
Computer security
ISBN 1-280-82196-5
9786610821969
0-470-08610-6
0-470-08609-2
Format Printed material
Bibliographic level Monograph
Language of publication eng
Contents note Phishing and Countermeasures; CONTENTS; Preface; Acknowledgements; 1 Introduction to Phishing; 1.1 What is Phishing?; 1.2 A Brief History of Phishing; 1.3 The Costs to Society of Phishing; 1.4 A Typical Phishing Attack; 1.4.1 Phishing Example: America's Credit Unions; 1.4.2 Phishing Example: PayPal; 1.4.3 Making the Lure Convincing; 1.4.4 Setting The Hook; 1.4.5 Making the Hook Convincing; 1.4.6 The Catch; 1.4.7 Take-Down and Related Technologies; 1.5 Evolution of Phishing; 1.6 Case Study: Phishing on Froogle; 1.7 Protecting Users from Phishing; References
2 Phishing Attacks: Information Flow and Chokepoints; 2.1 Types of Phishing Attacks; 2.1.1 Deceptive Phishing; 2.1.2 Malware-Based Phishing; 2.1.3 DNS-Based Phishing ("Pharming"); 2.1.4 Content-Injection Phishing; 2.1.5 Man-in-the-Middle Phishing; 2.1.6 Search Engine Phishing; 2.2 Technology, Chokepoints, and Countermeasures; 2.2.1 Step 0: Preventing a Phishing Attack Before It Begins; 2.2.2 Step 1: Preventing Delivery of Phishing Payload; 2.2.3 Step 2: Preventing or Disrupting a User Action; 2.2.4 Steps 2 and 4: Prevent Navigation and Data Compromise
2.2.5 Step 3: Preventing Transmission of the Prompt; 2.2.6 Step 4: Preventing Transmission of Confidential Information; 2.2.7 Steps 4 and 6: Preventing Data Entry and Rendering It Useless; 2.2.8 Step 5: Tracing Transmission of Compromised Credentials; 2.2.9 Step 6: Interfering with the Use of Compromised Information; 2.2.10 Step 7: Interfering with the Financial Benefit; References; 3 Spoofing and Countermeasures; 3.1 Email Spoofing; 3.1.1 Filtering; 3.1.2 Whitelisting and Greylisting; 3.1.3 Anti-spam Proposals; 3.1.4 User Education; 3.2 IP Spoofing; 3.2.1 IP Traceback
3.2.2 IP Spoofing Prevention; 3.2.3 Intradomain Spoofing; 3.3 Homograph Attacks Using Unicode; 3.3.1 Homograph Attacks; 3.3.2 Similar Unicode String Generation; 3.3.3 Methodology of Homograph Attack Detection; 3.4 Simulated Browser Attack; 3.4.1 Using the Illusion; 3.4.2 Web Spoofing; 3.4.3 SSL and Web Spoofing; 3.4.4 Ensnaring the User; 3.4.5 SpoofGuard Versus the Simulated Browser Attack; 3.5 Case Study: Warning the User About Active Web Spoofing; References; 4 Pharming and Client Side Attacks; 4.1 Malware; 4.1.1 Viruses and Worms; 4.1.2 Spyware; 4.1.3 Adware; 4.1.4 Browser Hijackers
4.1.5 Keyloggers; 4.1.6 Trojan Horses; 4.1.7 Rootkits; 4.1.8 Session Hijackers; 4.2 Malware Defense Strategies; 4.2.1 Defense Against Worms and Viruses; 4.2.2 Defense Against Spyware and Keyloggers; 4.2.3 Defense Against Rootkits; 4.3 Pharming; 4.3.1 Overview of DNS; 4.3.2 Role of DNS in Pharming; 4.3.3 Defense Against Pharming; 4.4 Case Study: Pharming with Appliances; 4.4.1 A Different Phishing Strategy; 4.4.2 The Spoof: A Home Pharming Appliance; 4.4.3 Sustainability of Distribution in the Online Marketplace; 4.4.4 Countermeasures; 4.5 Case Study: Race-Pharming; 4.5.1 Technical Description
4.5.2 Detection and Countermeasures
Record No. UNINA-9910841896303321
Find it here: Univ. Federico II
Security, privacy and user interaction / Markus Jakobsson, editor
Edition [1st ed. 2020.]
Publication/distribution/printing Cham, Switzerland : Springer, [2020]
Physical description 1 online resource (XV, 153 p. 52 illus., 24 illus. in color.)
Discipline 005.8
Topical subject Computer security
ISBN 3-030-43754-X
Format Printed material
Bibliographic level Monograph
Language of publication eng
Contents note PART I: Considering the Typical User -- 1. Mind your SMSes: Mitigating Social Engineering in Second Factor Authentication -- 2. Permissions and Privacy -- 3. Privacy and Tracking -- PART II: Considering the Malicious User -- 4. A Framework for Analysis Attackers’ Accounts -- 5. Environmentally and Politically Conscious Crypto -- Part III: Designing Solutions Based on Typical and Malicious Users -- 6. Social Engineering Resistant 2FA -- 7. The Rising Threat of Launchpad Attacks -- 8. Discouraging Counterfeiting -- 9. Seeing the Future.
Record No. UNISA-996465359303316
Find it here: Univ. di Salerno