Insecure Real-World Authentication Protocols (or Why Phishing Is So Profitable)
I want to talk about the real world, where authentication protocols are extremely insecure, and I’m going to try and explain to you why phishing is so profitable.
Why does phishing work? Basically because con artists are really good at persuading people to do really dumb things – and we just have to face up to this. What’s changed recently is that in order to run a con you no longer need a printing press in the cellar to produce all the props. Anybody can produce web pages which look just as good as the professional stuff. But the really deep problem is that the underlying protocols are rubbish and that’s what my paper is about.
KeywordsAuthentication Protocol Secure Channel Aggregation Site Georgia Tech Bank Statement
Unable to display preview. Download preview PDF.