The Experts below are selected from a list of 51 Experts worldwide ranked by ideXlab platform
Yue Zhang - One of the best experts on this subject based on the ideXlab platform.
Phinding phish: an evaluation of anti-phishing toolbars
Network and Distributed System Security Symposium, 2006
Co-Authors: Lorrie Faith Cranor, Jason Hong, Serge Egelman, Yue Zhang
Abstract: There are currently dozens of freely available tools to help combat phishing and other web-based scams. Many of these tools come in the form of web browser extensions that warn users when they are browsing a suspected phishing site. We used verified phishing URLs and legitimate URLs to test the effectiveness of 10 popular antiphishing toolbars. Overall, we found that the anti-phishing toolbars that were examined in this study left a lot to be desired. SpoofGuard did a very good job at identifying fraudulent sites, but it also incorrectly identified a large fraction of legitimate sites as fraudulent. EarthLink, Google, Netcraft, Cloudmark, and Internet Explorer 7 identified most fraudulent sites correctly and had few, if any, false positives, but they still missed more than 15% of fraudulent sites. The TrustWatch, eBay, and Netscape 8 toolbars could correctly identify less than half the fraudulent sites, and McAfee SiteAdvisor did not correctly identify any fraudulent sites. Many of the toolbars we tested were vulnerable to some simple exploits as well. In this paper we describe the anti-phishing toolbar test bed we developed, summarize our findings, and offer observations about the usability and overall effectiveness of these toolbars. Finally, we suggest ways to improve anti-phishing toolbars.
Lorrie Faith Cranor - One of the best experts on this subject based on the ideXlab platform.
Jason Hong - One of the best experts on this subject based on the ideXlab platform.
Serge Egelman - One of the best experts on this subject based on the ideXlab platform.
Li Linfeng - One of the best experts on this subject based on the ideXlab platform.
Reliability, usability and security in anti-phishing software and its design
2008
Co-Authors: Li Linfeng
Abstract: Phishing, a typical online identity theft, has become one of the most critical threats of on-line business. Most victims are deceived by forging authorized websites. Being cheated by fraudulent websites does not only mean the loss of money, but also the damage of online trust relationship. From the whole economic and social system’s point of view, the damage is not stopped at the point of destroying online trust relationship. In fact, the side effects of missing the business basis, trust relationship, will finally cause an economic slowdown. Undoubtedly, the final consequence will turn to be a tragedy. In order to protect users from this simple cheating attack, we collected and classified three types of phishing attacks on client side, server side and transmission media. In addition, we also selected and carefully experimented, from usability perspective, four representative anti-phishing toolbars, Google Safe Browsing, Netcraft antiphishing toolbar, SpoofGuard, and my own software Anti-phishing IEPlug. Additionally, we employed misuse-oriented method to illustrate how to design phishing-resistant information system at design or requirement stage. According to the results of these studies, we suggest that end users should trust and use anti-phishing software to protect themselves. Moreover, for ordinary users, it is also highly recommended to observe and report any suspicious websites and attempts. Meanwhile, it is always a good habit to carefully check URLs and certificate authorities of online banking websites. From the results of my antiphishing studies, it also shows that the war between phishers and anti-phishers never ends. Phishing techniques are constantly evolving, as well as existing phishing preventive client side applications’ own defects are not overcome yet. However, the study results are showing that phishing may be killed out at system design stage, e.g. by using misuse case method.
Key words and terms: software quality, phishing, phishing prevention, software design, malwar