Jeremiah Grossman: Phishing with Super Bait

Black Hat Briefings, Las Vegas 2005 [Audio] Presentations from the security conference

Inhoud geleverd door Black Hat / CMP and Jeff Moss. Alle podcastinhoud, inclusief afleveringen, afbeeldingen en podcastbeschrijvingen, wordt rechtstreeks geüpload en geleverd door Black Hat / CMP and Jeff Moss of hun podcastplatformpartner. Als u denkt dat iemand uw auteursrechtelijk beschermde werk zonder uw toestemming gebruikt, kunt u het hier beschreven proces https://nl.player.fm/legal volgen.

18y ago 57:14

MP3•Thuis aflevering

The use of phishing/cross-site scripting hybrid attacks for financial gain is spreading. It's imperative that security professionals familiarize themselves with these new threats to protect their websites and confidential corporate information. This isn't just another presentation about phishing scams or cross-site scripting. We're all very familiar with each of those issues. Instead, we'll discuss the potential impact when the two are combined to form new attack techniques. Phishers are beginning to exploit these techniques, creating new phishing attacks that are virtually impervious to conventional security measures. Secure sockets layer (SSL), blacklists, token-based authentication, browser same-origin policy, and monitoring / take-down services offer little protection. Even eyeballing the authenticity of a URL is unlikely to help. By leveraging cross-site scripting, the next level of phishing scams will be launched not from look-alike web pages, but instead from legitimate websites! This presentation will demonstrate how these types of attacks are being achieved. We'll also demonstrate the cutting edge exploits that can effectively turn your browser into spyware with several lines of JavaScript. And, we'll give you the steps you need to take to protect your websites from these attacks. Jeremiah Grossman is the founder and Chief Technology Officer of WhiteHat Security (http://www.whitehatsec.com), where he is responsible for web application security Rresearch and developmentD and industry evangelism. As a seven-year industry veteran and well-known security expert, Mr. Grossman is a frequent conference speaker at the BlackHat Briefings, ISSA, ISACA, NASA, and many other industry events. Mr. Grossman's research, writings, and discoveries have been featured in USA Today, VAR Business, NBC, ZDNet, eWeek, BetaNews, etc. Mr. Grossman is also a founder of the Web Application Security Consortium (WASC), as well as a contributing member of the Center for Internet Security Apache Benchmark Group. Prior to WhiteHat, Mr. Grossman was an information security officer at Yahoo!, responsible for performing security reviews on the company's hundreds of websites.

61 afleveringen

#Tech #Blackhat Breifings And Training #Blackhat Usa 2005 #Black Hat Vegas #Blackhat Vegas #Hacking #Computer Security #Speeches #Presentations #Spoken Word #Video #Audio #Tech News #Jeff Moss #Podcasting #Conventions