Phishing with Rachna Dhamija
Federico Biancuzzi, 2006-06-19

Federico Biancuzzi interviews Rachna Dhamija, co-author of the paper "Why Phishing Works" and creator of Dynamic Security Skins. They discuss the human factor, how easy it is to recreate a credible browser window made with images, some new anti-phishing features included in the upcoming version of some popular browsers, and the power of letting a user personalize his interface.

Phishing with Rachna Dhamija 2006-06-19
Anonymous (1 replies)
It's good to see someone taking into account the human mind again. DNS was built to account for the human recollection of common names over series of numbers. The same can be said for imagery and personal customization. I wholeheartedly agree with Mr. Dhamija's concept for DSS. The layout of common ...

Re: Phishing with Rachna Dhamija 2006-06-20
Anonymous (1 replies)
DSS is certainly a great idea. However... attackers easily adapt to new technologies. I can already imagine the new phishing scams:
"Dear Bank of XYZ customer,
We have reason to believe that your security image has been compromised. Please post us your SSN, PIN, password and credit card number ...

Re: Re: Phishing with Rachna Dhamija 2006-06-22
AH
Furthermore,
"Dear TrustedSite X customer,
A number of our customers have reported that their security image has been compromised. Because your security is of high importance to us, we ask you to visit our web site by clicking on the link below and verify that the security image you see is the cor...

Phishing with Rachna Dhamija 2006-06-20
Pranav LalAnonymous (1 replies)
Custom user skins are a good idea. My concern, however, is with people who cannot view images, such as the users of screen readers. How will they use these new authentication schemes? Yes, vision substitution technologies such as the vOICe (http://www.seeingwithsound.com) exist that help such users to...

Re: Phishing with Rachna Dhamija 2006-06-26
Anonymous
I don't agree - while efforts should be made to protect everyone, solutions that may only assist persons with full visual or audio capacities shouldn't be tossed out just because they don't help everyone - I'm certain that hearing impaired persons can more easily be "snuck up on" by a would be pick-poc...








 

Copyright 2009, SecurityFocus