
Phishing and Countermeasures Understanding the Increasing Problem of Electronic Identity Theft


ISBN-10: 0470086092

ISBN-13: 9780470086094

Edition: 2006

Authors: Markus Jakobsson, Steven Myers

List price: $114.00

Description:

Phishing and Counter-Measures discusses how and why phishing is a threat, and presents effective countermeasures. It shows how phishing attacks have been mounting over the years and how to detect and prevent current as well as future attacks, and it focuses on the corporations that supply the resources used by attackers. The authors subsequently deliberate on what action the government can take to respond to this situation and compare adequate versus inadequate countermeasures.

Book details

Copyright year: 2006
Publisher: John Wiley & Sons, Incorporated
Publication date: 12/5/2006
Pages: 739
Language: English

Preface
Acknowledgements
Introduction to Phishing
What is Phishing?
A Brief History of Phishing
The Costs to Society of Phishing
A Typical Phishing Attack
Phishing Example: America's Credit Unions
Phishing Example: PayPal
Making The Lure Convincing
Setting The Hook
Making The Hook Convincing
The Catch
Take-Down and Related Technologies
Evolution of Phishing
Case Study: Phishing on Froogle
Protecting Users from Phishing
References
Phishing Attacks: Information Flow and Chokepoints
Types of Phishing Attacks
Deceptive Phishing
Malware-Based Phishing
DNS-Based Phishing ("Pharming")
Content-Injection Phishing
Man-in-the-Middle Phishing
Search Engine Phishing
Technology, Chokepoints and Countermeasures
Step 0: Preventing a Phishing Attack Before it Begins
Step 1: Preventing Delivery of Phishing Payload
Step 2: Preventing or Disrupting a User Action
Steps 2 and 4: Prevent Navigation and Data Compromise
Step 3: Preventing Transmission of the Prompt
Step 4: Preventing Transmission of Confidential Information
Steps 4 and 6: Preventing Data Entry and Rendering it Useless
Step 5: Tracing Transmission of Compromised Credentials
Step 6: Interfering with the Use of Compromised Information
Step 7: Interfering with the Financial Benefit
References
Spoofing and Countermeasures
Email Spoofing
Filtering
Whitelisting and Greylisting
Anti-spam Proposals
User Education
IP Spoofing
IP Traceback
IP Spoofing Prevention
Intradomain Spoofing
Homograph Attacks Using Unicode
Homograph Attacks
Similar Unicode String Generation
Methodology of Homograph Attack Detection
Simulated Browser Attack
Using the Illusion
Web Spoofing
SSL and Webspoofing
Ensnaring the User
SpoofGuard Versus the Simulated Browser Attack
Case Study: Warning the User About Active Web Spoofing
References
Pharming and Client Side Attacks
Malware
Viruses and Worms
Spyware
Adware
Browser Hijackers
Keyloggers
Trojan Horses
Rootkits
Session Hijackers
Malware Defense Strategies
Defense Against Worms and Viruses
Defense Against Spyware and Keyloggers
Defending Against Rootkits
Pharming
Overview of DNS
Role of DNS in Pharming
Defending Against Pharming
Case Study: Pharming with Appliances
A Different Phishing Strategy
The Spoof: A Home Pharming Appliance
Sustainability of Distribution in the Online Marketplace
Countermeasures
Case Study: Race-Pharming
Technical Description
Detection and Countermeasures
Contrast with DNS Pharming
References
Status Quo Security Tools
An Overview of Anti-Spam Techniques
Public Key Cryptography and its Infrastructure
Public Key Encryption
Digital Signatures
Certificates & Certificate Authorities
Certificates
SSL Without a PKI
Modes of Authentication
The Handshaking Protocol
SSL in the Browser
Honeypots
Advantages and Disadvantages
Technical Details
Honeypots and the Security Process
Email Honeypots
Phishing Tools and Tactics
References
Adding Context to Phishing Attacks: Spear Phishing
Overview of Context Aware Phishing
Modeling Phishing Attacks
Stages of Context Aware Attacks
Identity Linking
Analysing the General Case
Analysis of One Example Attack
Defenses Against our Example Attacks
Case Study: Automated Trawling for Public Private Data
Mother's Maiden Name: Plan of Attack
Availability of Vital Information
Heuristics for MMN Discovery
Experimental Design
Assessing the Damage
Time and Space Heuristics
MMN Compromise in Suffixed Children
Other Ways to Derive Mother's Maiden Names
Case Study: Using Your Social Network Against You
Motivations of a Social Phishing Attack Experiment
Design Considerations
Data Mining
Performing the Attack
Results
Reactions Expressed in Experiment Blog
Case Study: Browser Recon Attacks
Who Cares Where I've Been?
Mining Your History
CSS To Mine History
Bookmarks
Various Uses For Browser-Recon
Protecting Against Browser Recon Attacks
Case Study: Using the Autofill Feature in Phishing
Case Study: Acoustic Keyboard Emanations
Previous Attacks of Acoustic Emanations
Description of Attack
Technical Details
Experiments
References
Human-Centered Design Considerations
Introduction: The Human Context of Phishing and Online Security
Human Behavior
Browser and Security Protocol Issues in the Human Context
Overview of the HCI and Security Literature
Understanding and Designing for Users
Understanding Users and Security
Designing Usable Secure Systems
Mis-Education
How Does Learning Occur?
The Lessons
Learning to Be Phished
Solution Framework
References
Passwords
Traditional Passwords
Cleartext Passwords
Password Recycling
Hashed Passwords
Brute Force Attacks
Dictionary Attacks
Time-Memory Tradeoffs
Salted Passwords
Eavesdropping
One-Time Passwords
Alternatives to Passwords
Case Study: Phishing in Germany
Comparison of Procedures
Recent Changes and New Challenges
Security Questions as Password Reset Mechanisms
Knowledge Based Authentication
Security Properties of Life Questions
Protocols Using Life Questions
Example Systems
One-Time Password Tokens
OTPs as a Phishing Countermeasure
Advanced Concepts
References
Mutual Authentication and Trusted Pathways
The Need for Reliable Mutual Authentication
Distinctions Between The Physical and Virtual World
The State of Current Mutual Authentication
Password Authenticated Key Exchange
A Comparison Between PAKE and SSL
An Example PAKE Protocol: SPEKE
Other PAKE Protocols and Some Augmented Variations
Doppelganger Attacks on PAKE
Delayed Password Disclosure
DPD Security Guarantees
A DPD Protocol
Trusted Path: How To Find Trust in an Unscrupulous World
Trust on the World Wide Web
Trust Model: Extended Conventional Model
Trust Model: Xenophobia
Trust Model: Untrusted Local Computer
Trust Model: Untrusted Recipient
Usability Considerations
Dynamic Security Skins
Security Properties
Why Phishing Works
Dynamic Security Skins
User Interaction
Security Analysis
Browser Enhancements for Preventing Phishing
Goals for Anti-phishing Techniques
Google Safe Browsing
Phoolproof Phishing Prevention
Final Design of the Two-Factor Authentication System
References
Biometrics and Authentication
Biometrics
Fundamentals of Biometric Authentication
Biometrics and Cryptography
Biometrics and Phishing
Phishing Biometric Characteristics
Hardware Tokens for Authentication and Authorization
Trusted Computing Platforms and Secure Operating Systems
Protecting Against Information Harvesting
Protecting Against Information Snooping
Protecting Against Redirection
Secure Dongles and PDAs
The Promise and Problems of PKI
Smart Cards and USB Dongles to Mitigate Risk
PorKI Design and Use
PorKI Evaluation
New Applications and Directions
Cookies for Authentication
Cache-Cookie Memory Management
Cache-Cookie Memory
C-Memory
TIF-Based Cache Cookies
Schemes for User Identification and Authentication
Identifier Trees
Rolling-Pseudonym Scheme
Denial-of-Service Attacks
Secret Cache Cookies
Audit Mechanisms
Proprietary Identifier-Trees
Implementation
Lightweight Email Signatures
Cryptographic and System Preliminaries
Lightweight Email Signatures
Technology Adoption
Vulnerabilities
Experimental Results
References
Making Takedown Difficult
Detection and Takedown
Avoiding Distributed Phishing Attacks: Overview
Collection of Candidate Phishing Emails
Classification of Phishing Emails
References
Protecting Browser State
Client-Side Protection of Browser State
Same-Origin Principle
Protecting Cache
Protecting Visited Links
Server-Side Protection of Browser State
Goals
A Server-Side Solution
Pseudonyms
Translation Policies
Special Cases
Security Argument
Implementation Details
Pseudonyms and Translation
General Considerations
References
Browser Toolbars
Browser-Based Anti-Phishing Tools
Information-Oriented Tools
Database-Oriented Tools
Domain-Oriented Tools
Do Browser Toolbars Actually Prevent Phishing?
Study Design
Results and Discussion
References
Social Networks
The Role of Trust Online
Existing Solutions for Securing Trust Online
Reputation Systems and Social Networks
Third Party Certifications
First Party Assertions
Existing Solutions for Securing Trust Online
Case Study: "Net Trust"
Identity
The Buddy List
The Security Policy
The Rating System
The Reputation System
Privacy Considerations and Anonymity Models
Usability Study Results
The Risk of Social Networks
References
Microsoft's Anti-Phishing Technologies and Tactics
Cutting The Bait: SmartScreen Detection of Email Spam and Scams
Cutting The Hook: Dynamic Protection Within the Web Browser
Prescriptive Guidance and Education for Users
Ongoing Collaboration, Education and Innovation
References
Using S/MIME
Secure Electronic Mail: A Brief History
The Key Certification Problem
Sending Secure Email: Usability Concerns
The Need to Redirect Focus
Amazon.com's Experience with S/MIME
Survey Methodology
Awareness of Cryptographic Capabilities
Segmenting the Respondents
Appropriate Uses of Signing and Sealing
Signatures Without Sealing
Evaluating the Usability Impact of S/MIME-Signed Messages
Problems from the Field
Conclusions and Recommendations
Promote Incremental Deployment
Extending Security from the Walled Garden
S/MIME for Webmail
Improving the S/MIME Client
References
Experimental Evaluation of Attacks and Countermeasures
Behavioral Studies
Targets of Behavioral Studies
Techniques of Behavioral Studies for Security
Strategic and Tactical Studies
Case Study: Attacking eBay Users with Queries
User-to-User Phishing on eBay
eBay Phishing Scenarios
Experiment Design
Methodology
Case Study: Signed Applets
Trusting Applets
Exploiting Applets' Abilities
Understanding the Potential Impact
Case Study: Ethically Studying Man in the Middle
Man-in-the-Middle and Phishing
Experiment: Design Goals and Theme
Experiment: Man-in-the-Middle Technique Implementation
Experiment: Participant Preparation
Experiment: Phishing Delivery Method
Experiment: Debriefing
Preliminary Findings
Legal Considerations in Phishing Research
Specific Federal and State Laws
Contract Law: Business Terms of Use
Potential Tort Liability
The Scope of Risk
Case Study: Designing and Conducting Phishing Experiments
Ethics and Regulation
Phishing Experiments: Three Case Studies
Making it Look Like Phishing
Subject Reactions
The Issue of Timeliness
References
Liability for Phishing
Impersonation
Anti-SPAM
Trademark
Copyright
Obtaining Personal Information
Fraudulent Access
Identity Theft
Wire Fraud
Pretexting
Unfair Trade Practice
Phishing-Specific Legislation
Theft
Exploiting Personal Information
Fraud
Identity Theft
Illegal Computer Access
Trespass to Chattels
References
The Future
Index
About the Editors