BioSec: DNMar23
Revision as of 14:43, 23 March 2012
Possible security problems
- misuse of data
- input validation
- phishing
  - banking
    - want credentials
    - using email
      - send an email that looks like it comes from the bank
      - link goes to a malicious site that looks arbitrarily like the bank (unpack)
      - user types in credentials, potentially gets transparently redirected to the real bank site
problem arises from:
* illegitimate email
* link to site that looks like bank but isn’t
* credentials being entered in wrong domain, wrong page
* misappropriated language, images in email, site
* bad/missing/suspect cert?
- cert/credential combo suspect
Human algorithm
- is the domain the same as the one where we normally send credentials?
- we do not normally enter credentials in response to an email request
- is the cert the same as the one we normally see?
Think of individual detectors as autonomous
- how would they be useful?
- how would they work to detect it?
- how should they change system state in the normal case?
List of individual detectors
- image filename check
- context / semantic word descriptions
- spellcheck
- domain IP address check
- certificate check
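As an added illustration (not part of the original wiki page), the three checks of the human algorithm above together with the domain, IP address and certificate detectors from this list, each written as an autonomous detector that inspects one signal of a credential-entry context and reports a finding or stays silent. The known-good domain, certificate fingerprint and addresses are constructed, hypothetical values.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed baseline: where this user normally enters bank credentials and
# what the site looked like then (hypothetical values, not from the page).
KNOWN_GOOD = {
    "bank.example": {
        "cert_sha256": "3f2a" * 16,      # fingerprint of the leaf cert normally seen
        "ips": {"192.0.2.10", "192.0.2.11"},
    },
}

@dataclass
class Context:
    url: str                  # page on which credentials are about to be typed
    cert_sha256: str          # SHA-256 fingerprint of the served leaf certificate
    resolved_ip: str          # address the hostname resolved to this time
    arrived_via_email: bool   # navigation started from a link in an email

def _host(ctx):
    return (urlsplit(ctx.url).hostname or "").lower()

# Each detector is autonomous: it looks at one signal and returns a finding
# string, or None when that signal looks normal.
def domain_detector(ctx):
    if _host(ctx) in KNOWN_GOOD:
        return None
    return "credentials headed to unfamiliar domain %r" % _host(ctx)

def cert_detector(ctx):
    known = KNOWN_GOOD.get(_host(ctx))
    if known is None or known["cert_sha256"] == ctx.cert_sha256.lower():
        return None                     # unknown host is domain_detector's job
    return "certificate differs from the one normally seen for %r" % _host(ctx)

def ip_detector(ctx):
    known = KNOWN_GOOD.get(_host(ctx))
    if known is None or ctx.resolved_ip in known["ips"]:
        return None
    return "%r resolved to unexpected address %s" % (_host(ctx), ctx.resolved_ip)

def email_detector(ctx):
    if not ctx.arrived_via_email:
        return None
    return "credential page reached by following an email link"

DETECTORS = [domain_detector, cert_detector, ip_detector, email_detector]

def evaluate(ctx):
    """Run every detector independently and collect their findings."""
    return [f for f in (d(ctx) for d in DETECTORS) if f is not None]
```

A lookalike site reached from an email trips the domain and email detectors, while a correct domain served with a changed certificate or from an unexpected address trips the certificate and IP detectors.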