| TRACK: | Information Technology and Computing |
| TITLE: | When Public Databases Cause Security Vulnerabilities |
| DATE: | Saturday, February 18, 2006 |
| TIME: | 9:45 AM - 11:15 AM |
| ORGANIZERS: | Markus Jakobsson, Indiana University, Bloomington |
| PARTICIPANTS: * = invited, not yet confirmed. |
| Markus Jakobsson (Moderator), Indiana University, Bloomington | Aaron Emigh (Speaker), Radix Labs: "Online Identity Theft: Threats and Countermeasures" | Michael Szydlo (Speaker), RSA Laboratories: "Using Personal Information To Secure Passwords" | Kevin Fu (Speaker), University of Massachusetts, Amherst: "Public Web Services that Leak Private Information" |
| AVAILABLE ABSTRACTS: |
| No available abstracts. |
| SYNOPSIS: |
| Recent studies show how attacks on society can be mounted using only publicly known data. E-commerce servers have, in several cases, been found to allow extraction of secret data by modification of URLs. Mothers’ maiden names have been culled from data required by law to be public; one attack affected more than three million Texans. Context-aware phishing attacks can use information from social networks, with a recent study having a 70 percent success rate -- again, with data inferred from public databases. Using data not protected by browsers, an attacker can infer the victim’s bank simply by causing the victim to visit a rogue Web site, or in some cases, by sending the victim an email. These examples of attacks demonstrate a vulnerability that we believe phishers will soon start taking advantage of unless drastic changes to authentication mechanisms are made. Panelists will demonstrate live attacks during the symposium and will describe new security measures and educational campaigns that can be used to reduce the impact of such attacks. |