Dynamic pharming attacks and locked same-origin policies for web browsers

C Karlof, U Shankar, JD Tygar, D Wagner - Proceedings of the 14th ACM …, 2007 - dl.acm.org
We describe a new attack against web authentication, which we call dynamic pharming.
Dynamic pharming works by hijacking DNS and sending the victim's browser malicious …

[PDF] Conditioned-safe Ceremonies and a User Study of an Application to Web Authentication.

C Karlof, JD Tygar, DA Wagner - NDSS, 2009 - people.eecs.berkeley.edu
We introduce the notion of a conditioned-safe ceremony. A “ceremony” is similar to the
conventional notion of a protocol, except that a ceremony explicitly includes human …

Legal risks for phishing researchers

C Soghoian - 2008 eCrime Researchers Summit, 2008 - ieeexplore.ieee.org
Researchers are increasingly turning to live, 'in the wild' phishing studies of users,
who unknowingly participate without giving informed consent. Such studies can expose …

Secure bindings of SAML assertions to TLS sessions

F Kohlar, J Schwenk, M Jensen… - … , Reliability and Security, 2010 - ieeexplore.ieee.org
In recent research work, two approaches to protect SAML based Federated Identity
Management (FIM) against man-in-the-middle attacks have been proposed. One approach …

WiFi Epidemiology: Can Your Neighbors' Router Make Yours Sick?

H Hu, S Myers, V Colizza, A Vespignani - arXiv preprint arXiv:0706.3146, 2007 - arxiv.org
In densely populated urban areas WiFi routers form a tightly interconnected proximity
network that can be exploited as a substrate for the spreading of malware able to launch …

[BOOK] Human factors in web authentication

CK Karlof - 2009 - search.proquest.com
This dissertation endeavors to improve the security of user authentication on the World Wide
Web. One threat to Web authentication is phishing, a social engineering attack that solicits …

[PDF] A User Study Design for Comparing the Security of Registration Protocols.

C Karlof, JD Tygar, DA Wagner - UPSEC, 2008 - usenix.org

The Threat of Political Phishing.

C Soghoian, O Friedrichs, M Jakobsson - HAISA, 2008 - books.google.com
Internet based donations to political candidates are now a vital part of any successful
campaign. Tens of millions of dollars are raised online each year, primarily in sub …

User-aware provably secure protocols for browser-based mutual authentication

S Gajek, M Manulis, J Schwenk - International Journal of …, 2009 - inderscienceonline.com
The standard solution for mutual authentication between human users and servers on the
internet is to execute a transport layer security (TLS) handshake during which the server …

On cryptographically strong bindings of SAML assertions to transport layer security

F Kohlar, J Schwenk, M Jensen… - International Journal of …, 2011 - igi-global.com
In recent research, two approaches to protect SAML based Federated Identity Management
(FIM) against man-in-the-middle attacks have been proposed. One approach is to bind the …