Speaker: Collin Jackson, Stanford University
Title: Context-Aware Phishing Attacks and Client-Side Defenses
I will describe context-aware phishing attacks that query the user's browser history and use this information to construct a more convincing and tailored attack. We have implemented browser extensions (SafeCache and SafeHistory) that defend against these attacks by restricting the information your browser leaks about other sites you've been to. I will discuss alternative server-side solutions and some legitimate uses for querying browser state.
Next, I will present two client-side web authentication projects that have been implemented at Stanford: PwdHash (a phishing defense that generates per-site passwords) and SpyBlock (a phishing and spyware defense using virtualization). Protecting passwords using hashing and virtualization are widely known techniques but these methods are vulnerable without a spoof-resistant user interface. I will discuss the user interfaces we tried and show a brief demo.