More Security Indicators
• SpoofStick
• Netcraft Toolbar
• TrustBar
• eBay Account Guard
• SpoofGuard
Outline
• Netcraft Toolbar
• SpoofGuard
• Positive-Information Toolbar
• TrustBar
Study Scenario
[Screenshot: the study's test site, http://tigermail.co.kr/cgi-bin/webscrcmd_login.php, with the security toolbar displayed in a frame above the page]
Attack types (the site the user believes they are on vs. the address actually loaded):
1. Similar-name attack: bestbuy.com vs. www.bestbuy.com.ww2.us
2. IP-address attack: bestbuy.com vs. 212.85.153.6
3. Hijacked-server attack: bestbuy.com vs. www.btinternet.com
4. Popup-window attack
5. PayPal attack
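The first three attacks above all turn on one question a domain-display toolbar such as SpoofStick or the Netcraft Toolbar tries to answer for the user: which registrable domain is this page really being served from? The following is an added example, not code from the slides or from the paper's own toolbars, that classifies a URL against the brand the user expects using exactly the three cases listed. The suffix list is a small constructed stand-in for a real public-suffix list, and the brand-substring rule for the similar-name case is an assumption that also catches hosts like bestbuy-secure.com, which the slides do not show.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: a toy stand-in for the public-suffix list. A real toolbar
# would load the full list; this is just enough for the study's hosts.
KNOWN_SUFFIXES = ("co.uk", "co.kr", "com", "net", "org", "us", "kr")


def registrable_domain(host: str) -> str:
    """Return the registrable domain (suffix plus one label) of a hostname.

    Multi-label suffixes such as co.kr are tried before single-label ones so
    that tigermail.co.kr is not reduced to co.kr.
    """
    labels = host.lower().rstrip(".").split(".")
    for suffix in sorted(KNOWN_SUFFIXES, key=lambda s: -s.count(".")):
        suffix_labels = suffix.split(".")
        n = len(suffix_labels)
        if len(labels) > n and labels[-n:] == suffix_labels:
            return ".".join(labels[-(n + 1):])
    # Unknown suffix: fall back to the last two labels.
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def classify(url: str, expected_domain: str) -> str:
    """Label a URL as legitimate, ip-address, similar-name or hijacked-server.

    expected_domain is the registrable domain the user believes they are
    visiting (e.g. "bestbuy.com"). Only the host is examined; the path is
    ignored on purpose, since attackers control it freely.
    """
    host = urlsplit(url).hostname or ""

    # IP-address attack: the host is a bare IP literal, no domain at all.
    try:
        ipaddress.ip_address(host)
        return "ip-address"
    except ValueError:
        pass

    actual = registrable_domain(host)
    expected = expected_domain.lower()
    if actual == expected:
        return "legitimate"

    # Similar-name attack: the brand appears in the host (as a label or as a
    # substring of the real registrable domain) but the registrable domain
    # is not the expected one.
    brand = expected.split(".")[0]
    if brand in host.lower().split(".") or brand in actual:
        return "similar-name"

    # Otherwise the page is served from an unrelated domain: a hijacked or
    # attacker-controlled server.
    return "hijacked-server"


if __name__ == "__main__":
    # Constructed sample: the slide's three spoofed addresses plus the real site.
    for url in ("http://www.bestbuy.com/",
                "http://www.bestbuy.com.ww2.us/login",
                "http://212.85.153.6/",
                "http://www.btinternet.com/bestbuy/"):
        print(f"{url:45} -> {classify(url, 'bestbuy.com')}")
```

The useful part of the output for a toolbar is not the label but the `registrable_domain` value itself: showing "ww2.us" next to a page that looks like Best Buy is what the study's toolbars did, and the results that follow measure whether users acted on it.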
Security Toolbar Display
Task sequence:
• Tasks 1–9
• Task 10: PayPal attack
• Task 11: tutorial email
• Tasks 12–20
Recruitment
• 30 users
– Recruited at MIT, paid $15 for one hour
– 10 for each toolbar
[Chart: Spoof Rate (0–100%) for the Neutral-Information, System-Decision and Positive-Information toolbars, grouped as Total, Before tutorial and After tutorial. The individual bar labels (between 13% and 54%) cannot be matched to bars in this extraction.]
Spoof Rates With Different Attacks
[Chart: Spoof Rate (0–100%) for the PayPal, Popup-window, IP-address, Hijacked-server and Similar-name attacks; bar labels 17%, 28%, 33%, 43% and 50% cannot be matched to bars in this extraction.]
p = 0.052 (ANOVA)
Why Did Users Get Fooled?
• 20 out of 30 got fooled by at least one attack. Among the 20 users:
– 17 (85%) claimed web content is professional or familiar; 7 (35%) depended on security-related content
– 12 (60%) explained away odd behaviors
• “I have been to sites that use plain IP addresses.”
• “Sometimes I go to a website, and it directs me to another site with a different address.”
• “Yahoo may have just opened a branch in Brazil and thus registered there.”
• “I must have mistakenly triggered the popup window.”
Results
Attack Types
Lesson Learned
• Users cared about security