Protecting accounts from credential stuffing with password breach alerting

Kurt Thomas, Jennifer Pullman, Kevin Yeo, Ananth Raghunathan, Patrick Gage Kelley, Luca Invernizzi, Borbala Benko, Tadek Pietraszek, Sarvar Patel, Dan Boneh, Elie Bursztein
2019 USENIX Security Symposium  
Protecting accounts from credential stuffing attacks remains burdensome due to an asymmetry of knowledge: attackers have wide-scale access to billions of stolen usernames and passwords, while users and  ...  Our study illustrates how secure, democratized access to password breach alerting can help mitigate one dimension of account hijacking.  ...  Acknowledgements We would like to thank Oxana Comanescu, Sunny Consolvo, Ali Zand, and our anonymous reviewers for their feedback and support in designing our breach alerting protocol.  ... 
dblp:conf/uss/ThomasPYRKIBPPB19 fatcat:66yciaf3efhebjq6peajtcdf5i

Using Amnesia to Detect Credential Database Breaches

Ke Coby Wang, Michael K. Reiter
2021 USENIX Security Symposium  
Known approaches for using decoy passwords (honeywords) to detect credential database breaches suffer from the need for a trusted component to recognize decoys when entered in login attempts, and from  ...  an attacker's ability to test stolen passwords at other sites to identify user-chosen passwords based on their reuse at those sites.  ...  This research was supported in part by grant numbers 2040675 from the National Science Foundation and W911NF-17-1-0370 from the Army Research Office.  ... 
dblp:conf/uss/WangR21 fatcat:e3w4pfobdfgbdgoyjkzoje4ham

Might I Get Pwned: A Second Generation Compromised Credential Checking Service [article]

Bijeeta Pal, Mazharul Islam, Marina Sanusi, Nick Sullivan, Luke Valenta, Tara Whalen, Christopher Wood, Thomas Ristenpart, Rahul Chatterjee
2022 arXiv   pre-print
Credential stuffing attacks use stolen passwords to log into victim accounts.  ...  We initiate work on C3 services that protect users from credential tweaking attacks.  ...  Such breach-alerting services, also called compromised credential checking (C3) services [37], help prevent credential stuffing attacks by alerting users to change their passwords.  ... 
arXiv:2109.14490v2 fatcat:xgwtow5hyvdvbnsf6dnlbtrgsi

(How) Do people change their passwords after a breach? [article]

Sruti Bhagavatula, Lujo Bauer, Apu Kapadia
2020 arXiv   pre-print
To protect against misuse of passwords compromised in a breach, consumers should promptly change affected passwords and any similar passwords on other accounts.  ...  To study the effectiveness of password-related breach notifications and practices enforced after a breach, we examine---based on real-world password data from 249 participants---whether and how constructively  ...  We would also like to thank Sarah Pearman and Jeremy Thomas for help with understanding and working with the dataset.  ... 
arXiv:2010.09853v1 fatcat:2nvvse4kxzbhbm5lnf3qsdy4h4

Security Incident - Attack Simulator v1

Michael Kontoulis
2020 Zenodo  
document describes in detail the state-of-the-art of cyber-attack testing, the purpose and the methodology for the implementation of the Security Incident / Attack Simulator component, and its relation with  ...  Moreover, information from social media, public or private dataset with stolen credential can also be used to breach passwords.  ...  If the user uses long, complex passwords, then the possibility of a successful attack is lower. • Credential stuffing relies on having information from previous breaches.  ... 
doi:10.5281/zenodo.4280609 fatcat:asdv2qe3z5cyvoupfr7kozvm4y

Use of AI Voice Authentication Technology Instead of Traditional Keypads in Security Devices

Deepak Ramesh Chandran
2022 Journal of Computer and Communications  
AI based voice authentication holds unparalleled value for data protection, security, and privacy, by providing an effective alternative to traditional password-based protection.  ...  Traditional keypads and text-based passwords are vulnerable to scams and hacks, leading to enormous levels of embezzlement and frauds apart from various other threats to data security.  ...  A recent IBM study suggests that almost 1/5th of data breaches occur due to compromised credentials.  ... 
doi:10.4236/jcc.2022.106002 fatcat:lzjrvdtatjdhrlxvn5np6z2bo4

Financial Analysis Of Information Security Breaches*

Faramarz Damanpour, M. Hossain Heydari
2011 International Business & Economics Research Journal  
an attempt has been made to present Internet security and vulnerability, security policies, financial impacts, remedies, and a model to evaluate the opportunity costs of variables involved in security breaches  ...  One deals with passwords and the second one deals with Digital Right Management (DRM). Both have received endorsement from IT experts.  ...  When you log into your online bank or trading accounts, you enter a password via Internet to connect.  ... 
doi:10.19030/iber.v2i6.3809 fatcat:n3lsvbop2jdj5oazcx5yrekdau

Web Runner 2049: Evaluating Third-Party Anti-bot Services [chapter]

Babak Amin Azad, Oleksii Starov, Pierre Laperdrix, Nick Nikiforakis
2020 Lecture Notes in Computer Science  
On the positive side, our results show that by relying on browser fingerprinting, more than 75% of protected websites in our dataset, successfully defend against attacks by basic bots built with Python  ...  We have responsibly disclosed our findings with the anti-bot service providers.  ...  This work was partially supported by a gift from Amazon and the National Science Foundation (NSF) under grants CNS-1813974, CNS-1617902, and CMMI-1842020. References  ... 
doi:10.1007/978-3-030-52683-2_7 fatcat:mx47co33zvfyhchram4knsskta

Modelling the Cybercrime Cascade Effect in Data Crime

Maria Grazia Porcedda, David S. Wall
2021 2021 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)  
Drawing upon data from court cases the article models the cybercrime cascade effect that results from data crimes.  ...  The 'cascade effect' is modelled by using mixed methods from law and criminology which include the "intermediate-N" configurational comparative method.  ...  The tipping point of stage 5 is adding credential stuffing to the data and this is observed across the cases.  ... 
doi:10.1109/eurospw54576.2021.00025 fatcat:6lpe3a6yxze7nnlliu33arf7be

A Systematic Review of Cybersecurity Risks in Higher Education

Joachim Bjørge Ulven, Gaute Wangen
2021 Future Internet  
This report concludes nine strategic cyber risks with descriptions of frequencies from the compiled dataset and consequence descriptions.  ...  Serious data breaches have occurred already and are likely to happen again without proper risk management.  ...  Password Security Good password hygiene is vital to protect information.  ... 
doi:10.3390/fi13020039 fatcat:6o2mov5da5cdrnyixau24lui7m

Building a Secure Organization [chapter]

John Mallery
2013 Computer and Information Security Handbook  
But most important, a secure organization will not have to spend time and money identifying security breaches and responding to the results of those breaches.  ...  And numerous regulations, such as the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), and the Sarbanes-Oxley Act, require businesses to maintain the security  ...  Change Default Account Passwords Nearly all network devices come preconfigured with a password/username combination.  ... 
doi:10.1016/b978-0-12-394397-2.00001-5 fatcat:mgg3txxmm5h3hopma4vrtubq64

Software Supply Chain Attacks, a Threat to Global Cybersecurity: SolarWinds' Case Study

Jeferson Martínez, Javier M. Durán
2021 International Journal of Safety and Security Engineering  
The main problem in the violation of the software supply chain is that, from 85% to 97% of the code currently used in the software development industry comes from the reuse of open source code frameworks  ...  This research analyzes the SolarWinds case study from an exploratory review of academic literature, government information, but also from the articles and reports that are published by different cybersecurity  ...  ), and also being aligned to good practices with a layered defense approach such as Zero trust to protect their assets.  ... 
doi:10.18280/ijsse.110505 fatcat:am4e3jua5zcfvcmr3usac62yay

GPU-accelerated PIR with Client-Independent Preprocessing for Large-Scale Applications [article]

Daniel Günther, Maurice Heymann, Benny Pinkas, Thomas Schneider
2021 IACR Cryptology ePrint Archive  
a data breach.  ...  with GPUs.  ...  This enables credential stuffing attacks, where an adversary compromises accounts by trying leaked passwords on other services.  ... 
dblp:journals/iacr/GuntherHPS21 fatcat:3bnjs76we5e6tjmfh2f6h2ujqu

Driving 2FA Adoption at Scale: Optimizing Two-Factor Authentication Notification Design Patterns

Maximilian Golla, Grant Ho, Marika Lohmus, Monica Pulluri, Elissa M. Redmiles
2021 USENIX Security Symposium  
Two-factor authentication (2FA) is one of the primary mechanisms for defending end-user accounts against phishing and password reuse attacks.  ...  To do so, we conduct a series of large-scale in-the-wild, controlled messaging experiments on Facebook, with an average of 622,419 participants per experiment.  ...  [86] designed password breach alerts that are shown when a user tries to reuse an already breached credential.  ... 
dblp:conf/uss/GollaHLPR21 fatcat:xkn6uij4z5ezxgeryser4q7i2y

Cybersecurity Threat Modelling: A Case Study of An Ecommerce Platform Migration to the Public Cloud

Bamidele Ola, Iyobor Egho-Promise
2020 European Journal of Electrical Engineering and Computer Science  
Session management attacks, credential stuffing attacks, automated brute force attacks, dictionary attacks, password spraying attacks. Web client, user web sessions, login page, shopping cart.  ...  Store passwords with hashing functions with salting or peppering. Enforce end to end and strict HTTPS connection using at least TLS 1.2 and strong ciphers on AWS or Azure.  ... 
doi:10.24018/ejece.2020.4.4.237 fatcat:kvjo4gwk3naphb5hukooqrwfne