Anti-Phishing Technology Chokepoints and Countermeasures
Aaron Emigh, Radix Labs, aaron@radixlabs.com

  • Slides: 38

A Typical Phishing Email

Phishing Information Flow

Step 1: Phish Delivery

Authentication

Reducing False Positives

Image Recognition
Simple idea: recognize logos

Image Recognition
Maybe not so simple…

Image Recognition
Fully render, then retrieve sub-images

Patching

Secure Patch Distribution

Secure Patch Activation

Automatic Secure Patch Activation

Step 2: User Action

Education
Why Johnny can’t identify phish…

Personally Identifiable Information

Unmask Deceptive Links

<P>To go to a surprising place via a cloaked URL, click on <A HREF="http://security.ebay.com@phisher.com">this link.</A>
<P>To go to a surprising place via a cloaked URL with a password, click on <A HREF="http://security.ebay.com:password@phisher.com">this link.</A>
<P>To go to a surprising place via an open redirect, click on <A HREF="http://redirect.ebaysecurity.com?url=phisher.com">this link.</A>
<P>To go to a surprising place via a misleading link, click on <A HREF="http://phisher.com">http://security.ebay.com.</A>
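
An added example (not from the original slides) of the unmasking check this slide points to: it parses each link, reports the host the browser will actually contact, and flags the userinfo, redirect-parameter and link-text tricks in the slide's four links. The function names, finding labels and the host-matching pattern are this example's own assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

HOSTLIKE = re.compile(r"^(?:https?://)?[a-z0-9-]+(?:\.[a-z0-9-]+)+(?::\d+)?(?:[/?#].*)?$", re.I)

def host_of(value):
    """Host named by a URL or bare host string; None if the text is not host-like."""
    value = value.strip().rstrip(".")
    url = value if value.lower().startswith(("http://", "https://")) else "http://" + value
    return urlsplit(url).hostname if HOSTLIKE.match(value) else None

def check_link(href, text):
    """Return (host the browser will contact, findings) for one <A> element."""
    parts, findings = urlsplit(href.strip()), []
    if parts.username is not None:                    # name before '@' is not the host
        findings.append("userinfo")
    for _, val in parse_qsl(parts.query):             # parameter names another host
        if host_of(val) not in (None, parts.hostname):
            findings.append("redirect-param")
    if host_of(text) not in (None, parts.hostname):   # visible text names another host
        findings.append("text-mismatch")
    return parts.hostname, findings

class LinkAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.results = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)          # reset at each <A>, so only link text is kept
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.results.append(check_link(self.href, "".join(self.text)))
            self.href = None

def audit(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    return auditor.results

# The four links from the slide above.
SAMPLE = """<A HREF="http://security.ebay.com@phisher.com">this link.</A>
<A HREF="http://security.ebay.com:password@phisher.com">this link.</A>
<A HREF="http://redirect.ebaysecurity.com?url=phisher.com">this link.</A>
<A HREF="http://phisher.com">http://security.ebay.com.</A>"""
```

The redirect-parameter check is a heuristic: any query value that looks like a host name is flagged, so its findings are leads for review rather than verdicts.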

Interfere With Navigation

Detecting DNS Poisoning

Steps 2 and 4: Information Sharing

It’s the metadata, stupid!

Step 4: Transmitting data

Little Brother is Watching

Steps 4 and 6: Secure Path

Secure Path (That Was Then)
Login: aaron
Password: ******

Secure Path (This Is Now)

Step 6: Data Without Value

Two-Factor Authentication

Password Hashing

Policy-based data

Aftermath: Ex Post Facto Detection

Aftermath: Information Sharing

Conclusions
