Speaker: Collin Jackson, Stanford University
Title: Transaction Generators: Rootkits for the Web
Abstract:
New authentication mechanisms such as one-time passwords and client
certificates are now being deployed to combat threats such as
phishing and keyloggers. As passwords become harder to steal,
keyloggers are evolving into a new strain of identity theft malware:
transaction generators that do not steal credentials directly, but
rather take over legitimate sessions and stealthily issue real-time
transactions without the account holder's knowledge. Transaction
authentication using trusted paths can help web sites to defend
against these attacks.
Joint work with Dan Boneh and John Mitchell.