Identifying the Phishing Websites Using the Patterns of TLS Certificates

Yuji Sakurai, Takuya Watanabe, Tetsuya Okuda, Mitsuaki Akiyama, Tatsuya Mori
2021 Journal of Cyber Security and Mobility  
With the recent rise of HTTPS adoption on the Web, attackers have begun "HTTPSifying" phishing websites.  ...  Furthermore, we developed a real-time monitoring system using the analysis techniques. We demonstrate its usefulness for the practical security operation.  ...  Furthermore, the recent rise in freely available certificate authorities (CAs), such as Let's Encrypt [21] and cPanel [8], has lowered the barriers to deploying HTTPS on a website.  ... 
doi:10.13052/jcsm2245-1439.1026 fatcat:wc3qtjl47zbq7m3y5rbud4k74q

Optimizing Anti-Phishing Solutions Based on User Awareness, Education and the Use of the Latest Web Security Solutions

Ion LUNGU, Alexandru TABUSCA
2010 Informatică economică  
The present economic crisis is an added argument for the great increase in number of attempts to cheat internet users, both businesses and private ones.  ...  Phishing has grown significantly in volume over the time, becoming the most usual web threat today.  ...  Anti-Phishing Best Practices: EV-SSL Online trust has eroded significantly in the past two years according to analyst reports, with threats of phishing and harming growing each day.  ... 
doaj:7bc180ad6d7b4369ac9a462338952399 fatcat:gxpj2mssjjdxnke73lf65vmixu

Unravelling Ariadne's Thread: Exploring the Threats of Decentralised DNS

Constantinos Patsakis, Fran Casino, Nikolaos Lykousas, Vasilios Katos
2020 IEEE Access  
Specifically, we explore a part of the blockchain DNS ecosystem in terms of the browser extensions using such technologies, the chain itself (Namecoin and Emercoin), the domains, and users who have been  ...  However, such an alternative comes with its own security concerns and issues, as any introduction and adoption of a new technology typically does - let alone a disruptive one.  ...  Similarly, in an attempt to reduce the level of trust in certificate authorities, Guan et al.  ... 
doi:10.1109/access.2020.3004727 fatcat:wvydbzpl2zgfrjwdv3ngn7nxha

Unravelling Ariadne's Thread: Exploring the Threats of Decentalised DNS [article]

Constantinos Patsakis, Fran Casino, Nikolaos Lykousas, Vasilios Katos
2019 arXiv   pre-print
In this regard, we explore a part of the blockchain DNS ecosystem in terms of the browser extensions using such technologies, the chain itself (Namecoin and Emercoin), the domains, and users which have  ...  In this work, we discuss a number of associated threats, including emerging ones, and we validate many of them with real-world data.  ...  The content of this article does not reflect the official opinion of the European Union. Responsibility for the information and views expressed therein lies entirely with the authors.  ... 
arXiv:1912.03552v1 fatcat:xpefdbo3x5hvvln33ar5ubkswu

An Empirical Evaluation of Security Indicators in Mobile Web Browsers

Chaitrali Amrutkar, Patrick Traynor, Paul C. van Oorschot
2015 IEEE Transactions on Mobile Computing  
However, the drastic reduction in screen size and the accompanying reorganization of screen real-estate significantly changes the use and consistency of the security indicators and certificate information  ...  In this paper, we perform the first measurement of the state of critical security indicators in mobile browsers.  ...  Any opinions, findings, conclusions or recommendations expressed in this publication are those of the authors and do not necessarily reflect the views of the National Science Foundation.  ... 
doi:10.1109/tmc.2013.90 fatcat:i5cnduvejvdhzh44barp2u5fki

D10.10 –Standardisation activities plan and report-initial version

Dusanka Busic, Ivan Barac, Jovana Obradovic, Marko Ivkovic, Teodara Mesic, Jasmina Makuljevic, Velizar Perunovic
2021 Zenodo  
The aim of this document, as the title represents, is to contribute to standardisation activities of ENSURESEC platform based on plan and report which will be a result of this Deliverable. This deliverable  ...  will develop in its full potential in later stage of project lifecycle as this deliverable D10.10 is initial part of upcoming deliverable D10.11, which will represent the final version of Standardisation  ...  E-commerce Security Best Practices There is a wide range of security measures that can be applied to mitigate the risk to the security of e-commerce ecosystems.  ... 
doi:10.5281/zenodo.6323340 fatcat:ibw2b4urjralfmpsndki4q47fy

Who ya gonna call? (Alerting Authorities): Measuring Namespaces, Web Certificates, and DNSSEC [article]

Pouyan Fotouhi Tehrani, Eric Osterweil, Jochen H. Schiller, Thomas C. Schmidt, Matthias Wählisch
2020 arXiv   pre-print
In this paper, we take a first look at Alerting Authorities (AA) in the US and investigate security measures related to trustworthy and secure communication.  ...  Our analysis shows two major shortcomings: About 50% of organizations do not own their dedicated domain names and are dependent on others, 55% opt for unrestricted-use namespaces, which simplifies phishing  ...  This work was supported in parts by the German Federal Ministry of Education and Research (BMBF) within the projects I3 and Deutsches Internet-Institut (grant no. 16DII111).  ... 
arXiv:2008.10497v2 fatcat:2qv4vpwqp5gozpqgaz3f75bdcq

Hiding in Plain Sight

Panagiotis Kintis, Najmeh Miramirkhani, Charles Lever, Yizheng Chen, Rosa Romero-Gómez, Nikolaos Pitropakis, Nick Nikiforakis, Manos Antonakakis
2017 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security - CCS '17  
In this work, we study a specific type of domain squatting called "combosquatting," in which attackers register domains that combine a popular trademark with one or more phrases (e.g., betterfacebook[.  ...  Our results suggest that combosquatting is a real problem that requires increased scrutiny by the security community.  ...  ACKNOWLEDGMENTS The authors would like to thank the anonymous reviewers for their valuable comments and helpful suggestions. This  ... 
doi:10.1145/3133956.3134002 dblp:conf/ccs/KintisMLCGPNA17 fatcat:kkdy7lgxljhhfi425lowl2ts6u

Uncovering Security Vulnerabilities in the Belkin WeMo Home Automation Ecosystem

Haoyu Liu, Tom Spink, Paul Patras
2019 2019 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops)  
In this paper, we demonstrate that this is also the case of home automation applications, as we uncover a set of previously undocumented security issues in the Belkin WeMo ecosystems.  ...  The lack of appropriate security protections in these devices is thus of increasing concern for the Internet of Things (IoT) industry, yet manufacturers' ongoing efforts remain superficial.  ...  CONCLUSION In this paper we undertook a security analysis of the Belkin WeMo ecosystem.  ... 
doi:10.1109/percomw.2019.8730685 dblp:conf/percom/LiuSP19 fatcat:r2bqauaokbhyljnnalonwi3ro4

The Need for Cyber Resilient Enterprise Distributed Ledger Risk Management Framework

Robert E. Campbell, Sr.
2020 The Journal of British Blockchain Association  
The most significant existing attack vector for enterprise DLs is the public key infrastructure (PKI), which is fundamental in securing the Internet and enterprise DLs and is a core component of authentication  ...  These attacks can lead to disruption of service, damage of reputation and trust, injury to human life, and the loss of intellectual property, assets, regulated data, and global economic security.  ...  years of follow-on research, analysis, and testing for a suitable "drop-in replacement" to be identified or developed.  ... 
doi:10.31585/jbba-3-1-(5)2020 fatcat:v2ywafhtozhppgfnkknmuvkcq4

Cybersecurity Resilience in Digital Society – the Practical Approach [chapter]

E. Niewiadomska-Szynkiewicz, M. Amanowicz, A. Wronska, P. Kostkiewicz
2021 Internet and New Technologies Law  
in Poland.  ...  It gives an overview of national and international activities and those of the European Commission to increase security and situational awareness.  ...  <https://safecode.org> accessed 1 June 2021. 27 <https://en.nask.pl/eng/activities/certification> accessed 1 June 2021.  ... 
doi:10.5771/9783748926979-405 fatcat:a34c6x7hsvbuxau7qyqfmviurq

Security Economics in the HTTPS Value Chain

Hadi Asghari, Michel van Eeten, Axel Arnbak, Nico van Eijk
2013 Social Science Research Network  
Next, we explore the security incentives of CAs via the empirical analysis of the market for SSL certificates, based on the SSL Observatory dataset.  ...  We conceptualize the security issues from the perspective of the HTTPS value chain. We then discuss the breaches at several Certificate Authorities (CAs).  ...  As far as the authors are aware of, this research project is the first in-depth multi-disciplinary analysis of HTTPS governance.  ... 
doi:10.2139/ssrn.2277806 fatcat:3kayzfbn3jdd3dt6uvcpnkddbq

Brain leaks and consumer neurotechnology

Marcello Ienca, Pim Haselager, Ezekiel J Emanuel
2018 Nature Biotechnology  
Checks and Balances In order to strengthen the SSL/TLS ecosystem, Symantec has pushed for the widespread adoption of DNS Certification Authority Authorization (CAA).  ...  BEST PRACTICE GUIDELINES FOR BUSINESSES While there are tools to help you keep your website ecosystem secure, it all starts with education.  ...  Protect Private Keys Make sure to get your digital certificates from an established, trustworthy certificate authority that demonstrates excellent security practices.  ... 
doi:10.1038/nbt.4240 pmid:30188521 fatcat:dwoyvyborfdifdkklju3p3qek4

When HTTPS Meets CDN: A Case of Authentication in Delegated Service

Jinjin Liang, Jian Jiang, Haixin Duan, Kang Li, Tao Wan, Jianping Wu
2014 2014 IEEE Symposium on Security and Privacy  
Our study reveals various problems with the current HTTPS practice adopted by CDN providers, such as widespread use of invalid certificates, private key sharing, neglected revocation of stale certificates  ...  While some of those problems are operational issues only, others are rooted in the fundamental semantic conflict between the end-to-end nature of HTTPS and the man-in-the-middle nature of CDN involving  ...  This work is supported by the National Natural Science Foundation of China (Grant No. 61161140454).  ... 
doi:10.1109/sp.2014.12 dblp:conf/sp/LiangJDLWW14 fatcat:bxfsnheejvdozfiqaamxmcrfra

Classification of SSL Servers based on their SSL Handshake for Automated Security Assessment

Sirikarn Pukkawanna, Gregory Blanc, Joaquin Garcia-Alfaro, Youki Kadobayashi, Herve Debar
2014 2014 Third International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS)  
The results also showed that the majority of the SSL/TLS servers had seemingly risky certificates, and used both risky protocol versions and encryption algorithms.  ...  The Secure Socket Layer (SSL) and Transport Layer Security (TLS) are the most widely deployed security protocols used in systems required to secure information such as online banking.  ...  The Zmap Team [15] at the University of Michigan [14], [24] and Rapid 7 [23], [35] provide two datasets: SSL certificate and HTTPS Ecosystem.  ... 
doi:10.1109/badgers.2014.10 dblp:conf/badgers/PukkawannaBGKD14 fatcat:f6umvx4dvfampicg6t427akhs4