Phishing on Open WLANs: Threat and Preventive Measure
نویسندگان
چکیده
Phishing is an internet security issue whose shape is still changing and size is still increasing. This thesis shows the possibility of a phishing attack on open, private Wireless LANs. Private WLANs which use a login page to authenticate users in hotels, airports and academic campuses are all vulnerable to this attack. Virginia Tech's WLAN is used as an example to show that the attack is possible. The attack combines two very well known attacks: one is to deceptively guide a user into logging into a fake website, which shows similar log-in page to the page of the website the user intends to go to, and the second attack is to show users a valid certificate, which does not show a warning. The rogue server takes the user to a log-in page which is similar to Virginia Tech's log-in page and shows him a valid security certificate. We present a solution to the proposed problem. Software is implemented that runs on Windows Vista. The software warns the user if there are servers with more than one type of security certificates, claiming to be from the same network. We contrast our method to already existing methods, and show in what respects our solution is better. The biggest advantage of this method is that it involves no change on the server side. It is not necessary for the users to have any prior knowledge of the network, which is very helpful when the users access WLAN at airports and hotels. Also, when using this method, the user does not need to connect to any network, and is still able to get a warning. It however, requires the user to be able to differentiate between the real and fake networks after the user has been warned.
منابع مشابه
Phishing threat avoidance behaviour: An empirical investigation
Phishing is an online identity theft that aims to steal sensitive information such as username, password and online banking details from its victims. Phishing education needs to be considered as a means to combat this threat. This paper reports on a design and development of a mobile game prototype as an educational tool helping computer users to protect themselves against phishing attacks. The...
متن کاملA Phishing Model and Its Applications to Evaluating Phishing Attacks
Phishing is a growing threat to Internet users and causes billions of dollars in damage every year. In this paper, we present a theoretical yet practical model to study this threat in a formal manner. While it is folklore knowledge that a successful phishing attack entails creating messages that are indistinguishable from the natural, expected messages by the intended victim, this concept has n...
متن کاملThe Devil Is Phishing: Rethinking Web Single Sign-On Systems Security
One significant trend in online user authentication is using Web Single Sign-On (SSO) systems. Especially, open Web SSO standards such as OpenID and OAuth are rapidly gaining adoption on the Web, and they enable over one billion user accounts. However, the largescale threat from phishing attacks to real-worldWeb SSO systems has been significantly underestimated and insufficiently analyzed. In t...
متن کاملPoster: User-Centric Phishing Threat Detection
This paper presents a context-aware phishing threat detection model from users’ behavioral perspectives. The context of users’ information accesses is investigated to explore the users’ browsing behaviors that confront phishing situations. Large-scale experiments show that our approach achieves an accuracy of 0.9973 and an F1 score of 0.9311 for predicting the phishing threats of users’ next ac...
متن کاملAnalysis of Student Vulnerabilities to Phishing
Phishing attacks were responsible for $3.2 billion dollars in losses during 2007 and the number of attacks is increasing daily. According to the United States Computer Emergency Readiness Team, phishing was the top security threat during the first quarter of 2007, comprising 48% of all reported incidents. The purpose of this study was to identify the level of student awareness related to specif...
متن کامل