Protecting accounts from credential stuffing with password breach alerting
2019
USENIX Security Symposium
Protecting accounts from credential stuffing attacks remains burdensome due to an asymmetry of knowledge: attackers have wide-scale access to billions of stolen usernames and passwords, while users and ...
Our study illustrates how secure, democratized access to password breach alerting can help mitigate one dimension of account hijacking. ...
Acknowledgements We would like to thank Oxana Comanescu, Sunny Consolvo, Ali Zand, and our anonymous reviewers for their feedback and support in designing our breach alerting protocol. ...
dblp:conf/uss/ThomasPYRKIBPPB19
fatcat:66yciaf3efhebjq6peajtcdf5i
Using Amnesia to Detect Credential Database Breaches
2021
USENIX Security Symposium
Known approaches for using decoy passwords (honeywords) to detect credential database breaches suffer from the need for a trusted component to recognize decoys when entered in login attempts, and from ...
an attacker's ability to test stolen passwords at other sites to identify user-chosen passwords based on their reuse at those sites. ...
This research was supported in part by grant numbers 2040675 from the National Science Foundation and W911NF-17-1-0370 from the Army Research Office. ...
dblp:conf/uss/WangR21
fatcat:e3w4pfobdfgbdgoyjkzoje4ham
Might I Get Pwned: A Second Generation Compromised Credential Checking Service
[article]
2022
arXiv
pre-print
Credential stuffing attacks use stolen passwords to log into victim accounts. ...
We initiate work on C3 services that protect users from credential tweaking attacks. ...
Such breach-alerting services, also called compromised credential checking (C3) services [37] , help prevent credential stuffing attacks by alerting users to change their passwords. ...
arXiv:2109.14490v2
fatcat:xgwtow5hyvdvbnsf6dnlbtrgsi
(How) Do people change their passwords after a breach?
[article]
2020
arXiv
pre-print
To protect against misuse of passwords compromised in a breach, consumers should promptly change affected passwords and any similar passwords on other accounts. ...
To study the effectiveness of password-related breach notifications and practices enforced after a breach, we examine---based on real-world password data from 249 participants---whether and how constructively ...
We would also like to thank Sarah Pearman and Jeremy Thomas for help with understanding and working with the dataset. ...
arXiv:2010.09853v1
fatcat:2nvvse4kxzbhbm5lnf3qsdy4h4
Security Incident - Attack Simulator v1
2020
Zenodo
document describes in detail the state-of-the-art of cyber-attack testing, the purpose and the methodology for the implementation of the Security Incident / Attack Simulator component, and its relation with ...
Moreover, information from social media, public or private dataset with stolen credential can also be used to breach passwords. ...
If the user uses long, complex passwords, then the possibility of a successful attack is lower. • Credential stuffing relies on having information from previous breaches. ...
doi:10.5281/zenodo.4280609
fatcat:asdv2qe3z5cyvoupfr7kozvm4y
Use of AI Voice Authentication Technology Instead of Traditional Keypads in Security Devices
2022
Journal of Computer and Communications
AI based voice authentication holds unparalleled value for data protection, security, and privacy, by providing an effective alternative to traditional password-based protection. ...
Traditional keypads and text-based passwords are vulnerable to scams and hacks, leading to enormous levels of embezzlement and frauds apart from various other threats to data security. ...
A recent IBM study suggests that almost 1/5th of data breaches occur due to compromised credentials. ...
doi:10.4236/jcc.2022.106002
fatcat:lzjrvdtatjdhrlxvn5np6z2bo4
Financial Analysis Of Information Security Breaches*
2011
International Business & Economics Research Journal
an attempt has been made to present Internet security and vulnerability, security policies, financial impacts, remedies, and a model to evaluate the opportunity costs of variables involved in security breaches ...
One deals with passwords and the second one deals with Digital Right Management (DRM). Both have received endorsement from IT experts. ...
When you log into your online bank or trading accounts, you enter a password via Internet to connect. ...
doi:10.19030/iber.v2i6.3809
fatcat:n3lsvbop2jdj5oazcx5yrekdau
Web Runner 2049: Evaluating Third-Party Anti-bot Services
[chapter]
2020
Lecture Notes in Computer Science
On the positive side, our results show that by relying on browser fingerprinting, more than 75% of protected websites in our dataset, successfully defend against attacks by basic bots built with Python ...
We have responsibly disclosed our findings with the anti-bot service providers. ...
This work was partially supported by a gift from Amazon and the National Science Foundation (NSF) under grants CNS-1813974, CNS-1617902, and CMMI-1842020.
doi:10.1007/978-3-030-52683-2_7
fatcat:mx47co33zvfyhchram4knsskta
Modelling the Cybercrime Cascade Effect in Data Crime
2021
2021 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)
Drawing upon data from court cases the article models the cybercrime cascade effect that results from data crimes. ...
The 'cascade effect' is modelled by using mixed methods from law and criminology which include the "intermediate-N" configurational comparative method. ...
The tipping point of stage 5 is adding credential stuffing to the data and this is observed across the cases. ...
doi:10.1109/eurospw54576.2021.00025
fatcat:6lpe3a6yxze7nnlliu33arf7be
A Systematic Review of Cybersecurity Risks in Higher Education
2021
Future Internet
This report concludes nine strategic cyber risks with descriptions of frequencies from the compiled dataset and consequence descriptions. ...
Serious data breaches have occurred already and are likely to happen again without proper risk management. ...
Password Security Good password hygiene is vital to protect information. ...
doi:10.3390/fi13020039
fatcat:6o2mov5da5cdrnyixau24lui7m
Building a Secure Organization
[chapter]
2013
Computer and Information Security Handbook
But most important, a secure organization will not have to spend time and money identifying security breaches and responding to the results of those breaches. ...
And numerous regulations, such as the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), and the Sarbanes-Oxley Act, require businesses to maintain the security ...
Change Default Account Passwords Nearly all network devices come preconfigured with a password/username combination. ...
doi:10.1016/b978-0-12-394397-2.00001-5
fatcat:mgg3txxmm5h3hopma4vrtubq64
Software Supply Chain Attacks, a Threat to Global Cybersecurity: SolarWinds' Case Study
2021
International Journal of Safety and Security Engineering
The main problem in the violation of the software supply chain is that, from 85% to 97% of the code currently used in the software development industry comes from the reuse of open source code frameworks ...
This research analyzes the SolarWinds case study from an exploratory review of academic literature, government information, but also from the articles and reports that are published by different cybersecurity ...
), and also being aligned to good practices with a layered defense approach such as Zero trust to protect their assets. ...
doi:10.18280/ijsse.110505
fatcat:am4e3jua5zcfvcmr3usac62yay
GPU-accelerated PIR with Client-Independent Preprocessing for Large-Scale Applications
[article]
2021
IACR Cryptology ePrint Archive
a data breach. ...
with GPUs. ...
This enables credential stuffing attacks, where an adversary compromises accounts by trying leaked passwords on other services. ...
dblp:journals/iacr/GuntherHPS21
fatcat:3bnjs76we5e6tjmfh2f6h2ujqu
Driving 2FA Adoption at Scale: Optimizing Two-Factor Authentication Notification Design Patterns
2021
USENIX Security Symposium
Two-factor authentication (2FA) is one of the primary mechanisms for defending end-user accounts against phishing and password reuse attacks. ...
To do so, we conduct a series of large-scale in-the-wild, controlled messaging experiments on Facebook, with an average of 622,419 participants per experiment. ...
[86] designed password breach alerts that are shown when a user tries to reuse an already breached credential. ...
dblp:conf/uss/GollaHLPR21
fatcat:xkn6uij4z5ezxgeryser4q7i2y
Cybersecurity Threat Modelling: A Case Study of An Ecommerce Platform Migration to the Public Cloud
2020
European Journal of Electrical Engineering and Computer Science
Session management attacks, credential stuffing attacks, automated brute force attacks, dictionary attacks, password spraying attacks. Web client, user web sessions, login page, shopping cart. ...
Store passwords with hashing functions with salting or peppering. Enforce end to end and strict HTTPS connection using at least TLS 1.2 and strong ciphers on AWS or Azure. ...
doi:10.24018/ejece.2020.4.4.237
fatcat:kvjo4gwk3naphb5hukooqrwfne