Tuesday, October 22, 2013

Phishing Counter-Measures Unleashed

resources.infosecinstitute.com
In this article, I have done my best to gather and explain all the possible ways by which phishing can be avoided. Here I am going to explain phishing counter-measures in great detail. As you know, phishing is a technical and psychological attack that exploits human nature to make a user reveal his/her sensitive information to the attacker. For more information on phishing, you may visit Wikipedia and search for the topic “Phishing.” Here I am going to provide you with all possible counter-measures for phishing attacks.
Introduction

A phishing attack is a complex combination of technology and psychology. There are numerous ways in which people are fooled, and they can be conned by clicking on unsecured website links. These types of attacks are rising, especially with the growth of the marketing industry. A 2007 case study shows that phishing attackers were collecting and purchasing Google AdWords in order to install a RAT on victims’ systems. With this, attackers can click on a couple of ads through which they can earn some money.

Different Phishing Countermeasures
1. Auto-Generate Domain-Specific Password
Many researchers have developed mechanisms in which the username and password you enter are turned into a domain-specific password, and this is done transparently to the user. The basic idea is to hash the password with a secret key along with the website’s domain name. The domain name is very important because it ties the resulting password to that domain [1].

Even if the user uses the same password for every entry point in the world, this mechanism changes it for each site, so it becomes really hard for the attacker to get the password: the derived password is unique and long, and therefore hard to remember.

Advantages:

  1. Looks cool.
  2. Works fine on a theoretical basis.
Disadvantages:

  1. Practical implementation is quite difficult.
  2. Many banks use multiple domains and sub-domains.
  3. Some sites force the user to use a password with a combination of uppercase, lowercase, and symbols.
  4. It’s a static solution: if a user travels without his/her laptop, this mechanism is no longer helpful. He/she has to carry the device everywhere.
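
The sketch below is an added example, not code from the original article or from the research cited as [1]. It shows one way to derive a domain-specific password and makes disadvantages 2 and 3 concrete: a sub-domain yields a different password, and the output is forced to satisfy a composition rule. The function names, the PBKDF2/HMAC construction, the symbol set and the sample domains are assumptions chosen for illustration.

```python
import hashlib
import hmac
import string

# Assumed composition rule: at least one character from each class.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, "!@#$%^&*"]
ALPHABET = "".join(CLASSES)

def derive_bytes(master_password, secret_key, domain, n=32):
    # Normalise so "Bank.Example." and "bank.example" give the same result.
    domain = domain.strip().lower().rstrip(".")
    # Bind the output to the domain: salt = HMAC(secret key, domain name).
    salt = hmac.new(secret_key, domain.encode("utf-8"), hashlib.sha256).digest()
    # Slow hash of the user's password with the domain-bound salt.
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, 100_000, dklen=n)

def site_password(master_password, secret_key, domain, length=16):
    if length < len(CLASSES):
        raise ValueError("length too short to satisfy the composition rule")
    raw = derive_bytes(master_password, secret_key, domain, n=length)
    # First four characters: one per class, so sites that demand upper,
    # lower, digit and symbol accept the result (disadvantage 3).
    chars = [CLASSES[i][raw[i] % len(CLASSES[i])] for i in range(len(CLASSES))]
    # Remaining characters from the full alphabet (small modulo bias accepted).
    chars += [ALPHABET[b % len(ALPHABET)] for b in raw[len(CLASSES):]]
    return "".join(chars)

def meets_policy(password):
    return all(any(c in cls for c in password) for cls in CLASSES)

if __name__ == "__main__":
    key = b"constructed-device-secret"  # constructed sample key
    # Constructed sample domains: the real site, one of its sub-domains
    # (disadvantage 2: different password), and a look-alike domain.
    for d in ("bank.example", "login.bank.example", "bank-example.test"):
        print(d, site_password("same password everywhere", key, d))
```

Because the look-alike domain produces an unrelated value, a password typed into it is useless on the real site. The sub-domain mismatch is the practical problem the list above describes for banks that spread logins across several hosts.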
     
