BioSec: DNMar23: Difference between revisions
| Line 13: | Line 13: | ||
Problems arise from: | Problems arise from: | ||
* illegitimate email | |||
* link to site that looks like the bank but isn't the bank | |||
* credentials being entered in wrong domain, wrong page | |||
* misappropriated text, images in email, site images | |||
* bad/missing/suspect certificate | |||
** certificate/credential combination is suspect | |||
Revision as of 15:23, 26 March 2012
Possible Security problems
- misuse of data
- input validation
- phishing
- banking
- want credentials
- using email
- send an email that looks like it comes from the bank
- link goes to malicious site that looks arbitrarily like the bank (unpack)
- user types in credentials, potentially gets transparently redirected to real bank site
Problems arise from:
- illegitimate email
- link to site that looks like the bank but isn't the bank
- credentials being entered in wrong domain, wrong page
- misappropriated text, images in email, site images
- bad/missing/suspect certificate
- certificate/credential combination is suspect
Human algorithm:
* is domain same for the one where we normally send credentials * not normally in response to email request * certificate is the same
Think of individual detectors as autonomous:
* how would they be useful? * how would they work? to detect? * how should they change system state in the normal case?
List of individual detectors
image filename check
context / semantic word descriptions --> semantic integrity - verifying message / content integrity based on the content itself - even if it is digitally signed.
spellcheck
domain / ip address check
certificate check - issuer name, domain name, client name, date of issue, date of expiry