  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
71

Projeto de um dispositivo de autenticação e assinatura. / Design and implementation of an authentication device.

Gustavo Yamasaki Martins Vieira 15 October 2007
Currently, password-based authentication is the most widespread identity verification method for web page access. However, it presents security issues due to the growth of attacks based on spyware and phishing. The main purpose of both techniques is digital identity theft, that is, stealing users' passwords in an unnoticed way. In order to counter this type of attack, many financial institutions have adopted strong authentication, a technique that employs the simultaneous use of different authentication factors. By synergistically combining the advantages of distinct factors, such an arrangement results in the mutual mitigation of the vulnerabilities of each one, yielding an architecturally safer identity verification method.
This work presents the design and implementation of an authentication device, which combines password-based and object-based authenticators. Its main distinguishing features are the reduced cost and the use of open-source cryptographic algorithms. Open-source algorithms have their security widely and independently verified, a characteristic that helps increase the system's reliability, since third parties may check the source code running on the device.
72

Early detection of malicious web content with applied machine learning

Likarish, Peter F. 01 July 2011
This thesis explores the use of applied machine learning techniques to augment traditional methods of identifying and preventing web-based attacks. Several factors complicate the identification of web-based attacks. The first is the scale of the web. The amount of data on the web and the heterogeneous nature of this data complicate efforts to distinguish between benign sites and attack sites. Second, an attacker may duplicate their attack at multiple, unexpected locations (multiple URLs spread across different domains) with ease. Third, attacks can be hosted nearly anonymously; there is little cost or risk associated with hosting or publishing a web-based attack. In combination, these factors lead one to conclude that, currently, the web's threat landscape is unfavorably tilted towards the attacker. To counter these advantages this thesis describes our novel solutions to web security problems. The common theme running through our work is the demonstration that we can detect attacks missed by other security tools as well as detecting attacks sooner than other security responses. To illustrate this, we describe the development of BayeShield, a browser-based tool capable of successfully identifying phishing attacks in the wild. Progressing from specific to a more general approach, we next focus on the detection of obfuscated scripts (one of the most commonly used tools in web-based attacks). Finally, we present TopSpector, a system we've designed to forecast malicious activity prior to its occurrence. We demonstrate that by mining Top-Level DNS data we can produce a candidate set of domains that contains up to 65% of domains that will be blacklisted. Furthermore, on average TopSpector flags malicious domains 32 days before they are blacklisted, allowing the security community ample time to investigate these domains before they host malicious activity.
73

The State of Home Computer Security / Säkerhetsläget för hemdatorer 2004

Frisk, Ulf, Drocic, Semir January 2004
Hundreds of millions of people use their home computers every day for different purposes. Many of them are connected to the Internet. Most of them are unaware of the threats or do not know how to protect themselves. This unawareness is a major threat to global computer security.

This master thesis starts by explaining some security related terms that might be unknown to the reader. It then goes on by addressing security vulnerabilities and flaws in the most popular home computer operating systems. The most important threats to home computer security are reviewed in the following chapter. These threats include worms, email worms, spyware and trojan horses. After this chapter some possible solutions for improving home computer security are presented. Finally this master thesis contains a short user survey to find out what the problems are in the real world and what can be done to improve the current situation.
74

Using Web bugs and honeytokens to investigate the source of phishing attacks

McRae, Craig Michael, January 2008
Thesis (M.S.)--Mississippi State University. Department of Computer Science and Engineering. / Title from title screen. Includes bibliographical references.
75

Vers une détection des attaques de phishing et pharming côté client

Gastellier-Prevost, Sophie 24 November 2011
The development of broadband Internet and the expansion of electronic commerce have brought in their wake new attacks that are highly successful. One of them looms particularly large in the public mind: the one that directly targets Internet users' wallets. Its most widespread/best-known version is referred to as phishing. Mostly delivered through spam campaigns, this attack aims to steal confidential information (e.g. login, password, bank card number) from users by impersonating merchant and/or banking sites. Over the years, these attacks have been refined to the point of offering counterfeit websites that visually, apart from the URL visited, imitate the original sites perfectly. Through lack of vigilance, many users then hand over confidential data in full confidence. In the first part of this thesis, among the existing means of protection/detection against these attacks, we focus on a mechanism that is easily accessible to the Internet user: anti-phishing toolbars, to be integrated into the web browser. The detection performed by these toolbars relies on blacklists and heuristic tests. Among all the heuristic tests used (whether they bear on the URL or on the content of the web page), we seek to evaluate their usefulness and/or effectiveness in identifying/differentiating legitimate sites from phishing sites. This work makes it possible, in particular, to single out the decisive heuristics, while discussing their durability. A second, less well-known variant of this attack, pharming, can be regarded as a sophisticated version of phishing.
The objective of the attack remains the same and the website visited resembles the original just as closely but, unlike phishing, the URL visited is this time also entirely identical to the original. Carried out by means of upstream DNS corruption, these attacks have the advantage of requiring no communication action on the part of the attacker, who only has to wait for the Internet user to visit their usual site. The absence of "visible" signs therefore makes the attack particularly effective and formidable, even for a vigilant Internet user. Admittedly, considerable effort has been deployed on the network side to address this problem. Nevertheless, the client side remains too exposed and vulnerable. In the second part of this thesis, through the development of two proposals designed to be integrated into the client browser, we introduce a technique for detecting these attacks that couples an analysis of DNS responses with a comparison of web pages. Both proposals rely on reference elements obtained via an alternative DNS server, their main difference lying in the technique used to retrieve the reference web page. Through two experimentation phases, we demonstrate the viability of the proposed concept.
76

Strafbarkeit des Phishing nach Internetbanking-Legitimationsdaten /

Hansen, David. January 2007
University dissertation, Passau, 2007. / Bibliography: pp. 197-214.
77

Phishing Warden : enhancing content-triggered trust negotiation to prevent phishing attacks /

Henshaw, James Presley, January 2005
Thesis (M.S.)--Brigham Young University. Dept. of Computer Science, 2005. / Includes bibliographical references (p. 47-50).
78

An integrated intelligent approach to enhance the security control of it systems : a proactive approach to security control using artificial fuzzy logic to strengthen the authentication process and reduce the risk of phishing

Salem, Omran S. A. January 2012
Hacking of information systems is continuously on the increase. Social engineering attacks are performed by manipulating the weakest link in the security chain: people. Consequently, this type of attack has gained a higher rate of success than a technical attack. Based on Expert Systems, this study proposes a proactive and integrated Intelligent Social Engineering Security Model to mitigate the human risk and reduce the impact of social engineering attacks. Many computer users do not have enough security knowledge to be able to select a strong password for their authentication. The author has attempted to implement a novel quantitative approach to achieve strong passwords. A new fuzzy logic tool is being developed to evaluate password strength and measure the password strength based on dictionary attack, time crack and shoulder surfing attack (social engineering). A comparative study of existing tools used by major companies such as Microsoft, Google, CertainKey, Yahoo and Facebook is used to validate the proposed model and tool. A comprehensive literature survey and analytical study performed on phishing emails representing social engineering attacks that are directly related to financial fraud are presented and compared with other security threats. This research proposes a novel approach that successfully addresses social engineering attacks. Another intelligent tool is developed to discover phishing messages and provide educational feedback to the user, focusing on the visible part of the incoming emails, considering the email's source code and providing in-line security awareness feedback.
79

Avaliação de características para detecção de phishing de email / Cleber Kiel Olivo ; orientador, Altair Olivo Santin ; co-orientador Luiz Ediardo S. Oliveira

Olivo, Cleber Kiel January 2010
Dissertation (master's) - Pontifícia Universidade Católica do Paraná, Curitiba, 2010 / Bibliography: pp. 62-65 / The proposals of the technical literature for detecting phishing are based only on the success rate of the classifier to justify its effectiveness. Aspects such as reliance of the results (evaluated by the false positive rate), computational effort to ext
80

Företagens skydd mot phishing / Company's Protection Against Phising

Magnusson, Patrik January 2017
This study will examine how companies handle the phishing threat. Phishing email is a method of attack that falls under the concept of social engineering and can be used to trick people into giving up information that they should not share. A phishing email aims to imitate an ordinary email, such as an invoice reminder. But instead of the money going to the stated sender, the attacker can instead hijack the bank details. The goal of the attack can vary; it can be to obtain information such as bank details and/or passwords. It can also spread malicious code that infects the recipient's computer with viruses. Phishing emails can take different forms, which makes it difficult to give an exact example of what a phishing email looks like. The aim of this study is to give an idea of how the companies interviewed handle phishing attacks. The purpose of the study is to identify problems, in order to give a picture of the handling of phishing attacks. The picture will answer questions such as: which policies exist to counter the threat, how and when are employees trained, and how do they themselves view phishing as a threat? The compilation consists of interviews with employees at various companies who are responsible for information security. After the interviews have been carried out, the answers are summarized so that the compilation can be performed. The goal of the compilation is to present a result that answers the question of which measures exist at the organizations to counter the phishing threat. The compilation has been divided into three main groups: action plan, training and culture. By placing the answers in the right main group, an overall picture emerges and a result can be presented. The companies show an understanding of the problems phishing emails can cause a company. As a rule, there are measures at each company to counter and reduce the threat. Some training is given to employees. But phishing is not considered to be such a big threat. The general view from the companies is that phishing is not considered a major threat.
At the same time, they describe incidents where employees open malicious emails even though, according to them, there is no threat. After the interviews were conducted and information collected, another possible shortcoming could be presented. Several of the companies contacted did not want to take part in the study for various reasons, such as there being no IT department or a pure lack of knowledge in the subject. This may indicate that there are shortcomings at several companies where there is no comprehensive solution for how information is to be secured and how information security is to be developed.
