What we now know about phishing websites
- Richard Clayton | University of Cambridge
We have been studying phishing websites since early 2007, finding out how long it is before they’re removed, and gathering all sort of other statistics. We can now explain why our lifetime measures exceed what the industry expected; we understand how some of the vulnerable sites are found by attackers – and we can explain why the same sites are re-compromised again and again. We can compare takedown times for phishing with how long other types of illegal site remain available, and use security economics to explain the results. We can even demonstrate weaknesses in various community approaches to dealing with phishing, and tell the police which attackers are worth concentrating on. There’s an awful lot we still don’t understand, and we’re still reinterpreting what we thought we knew last year! But this talk will get you up to speed on what (we think) we know in the Summer of 2009.This is joint work with Tyler Moore.
Speaker Details
Richard Clayton is a Visiting Industrial Fellow in the Computer Laboratory of the University of Cambridge. He’s been studying wickedness on the Internet for years; be it spam, unintentional DDoS attacks, or phishing. A flavour of the sort of things that interest the Cambridge Security Group can be found on their blog: http://www.lightbluetouchpaper.org/
-
-
Jeff Running
-
-
Watch Next
-
Fuzzy Extractors are Practical
- Melissa Chase,
- Amey Shukla
-
-
-
-
-
-
Accelerating MRI image reconstruction with Tyger
- Karen Easterbrook,
- Ilyana Rosenberg
-
-
From Microfarms to the Moon: A Teen Innovator’s Journey in Robotics
- Pranav Kumar Redlapalli
-
