Researchers create new system to address phishing fraud

A research team led by Electrical and Computer Engineering Professor Adrian Perrig has created the Phoolproof Phishing Prevention system that protects users against all network-based attacks, even when they make mistakes. The innovative security system provides strong mutual authentication between the Web server and the user by leveraging a mobile device, such as the user's cell phone or PDA.

The system is also designed to be easy for businesses to implement. Perrig, along with engineering Ph.D. student assistants Bryan Parno and Cynthia Kuo, has developed an anti-phishing system that makes the user's cell phone an active participant in the authentication process to securely communicate with a particular Internet site.

"Essentially, our research indicates that Internet users do not always make correct security decisions, so our new system helps them make the right decision, and protects them even if they manage to make a wrong decision," Perrig said. "Our new anti-phishing system, which operates with the standard secure Web protocol, ensures that the user accesses the Web site they intend to visit, instead of a phishing site posing as a legitimate business. The mobile device acts like an electronic assistant, storing a secure bookmark and a cryptographic key for each of the user's online accounts."

Phoolproof Phishing Prevention essentially provides a secure electronic key ring that the user can access while making online transactions, according to Parno. These special keys are more secure than one-time passwords because the user can't give them away. So, phishers can't access the user's accounts, even if they obtain other information about the user, researchers said.

Since the user's cell phone performs cryptographic operations without revealing the secret key to the user's computer, the system also defends against keyloggers and other malicious software on the user's computer. Even if the user loses the cell phone, the keys remain secure.

Driving the need for this new tool is escalating consumer worries over online fraud -- a major barrier for a banking industry seeking to push consumers to do more of their banking online. More than 5 percent of Internet users say they have stopped banking online because of security concerns, up from 1 percent a year ago, according to industry reports.

Complicating the concern for more secure financial sites is a looming deadline for new security guidelines from the Federal Financial Institutions Examination Council (FFIEC), a group of government agencies that sets standards for financial institutions. Last year, the FFIEC set a Dec. 31 deadline for banks to add online security measures beyond just a user name and password. Failure to meet that deadline could result in fines, the FFIEC said.

Source: Carnegie Mellon University

Comcast's new bandwidth limit irks some users
Comcast's plan to place a cap on consumer Internet use worries some customers who have come to take unfettered Web surfing for granted, even though most users aren't affected by the move.
Judge tentatively upholds charges in ‘cyber-bullying' case
A federal judge handed a partial victory Thursday to prosecutors seeking to put a St. Louis-area woman on trial regarding online harassment of a teenage neighbor who later killed herself.
Keeping an eye on intruders
Electronic fingerprinting, iris scans, and signature recognition software are all becoming commonplace biometrics for user authentication and security. However, they all suffer from one major drawback - they can be spoofed by a sufficiently sophisticated intruder. Writing in the International Journal of Biometrics, Japanese researchers describe a new approach based on a person's reflexes that could never be copied, forged, or spoofed.
Microsoft releases beta version of Internet Explorer 8
Microsoft last week released a broadly available test version of its latest Web browser, Internet Explorer 8, including a tool to cover one's tracks across the Web.
New music site gives fans a cut of tune sales
(AP) -- Being a trendsetter can be pricey. As any fashionista or gadget hound knows, the latest frocks and tech toys don't pay for themselves. But a new Web site is trying to make it profitable for music lovers to stay ahead of the curve - by paying them when other people purchase MP3s they've bought.
Review: Google Chrome lacks polish under the hood
(AP) -- Google Inc.'s new Web browser, called Chrome, does much of what a browser needs to do these days: It presents a sleek appearance, groups pages into easy-to-manage "tabs" and offers several ways for people to control their Internet privacy settings.
Eyes turn to dawn of 'visual computing'
Lifelike graphics are breaking free of elite computer games and spreading throughout society in what industry insiders proclaim is the dawning of a "visual computing era."
Microsoft's newest browser may block ads
(AP) -- The next version of Microsoft Corp.'s Web browser makes it easier for people to surf the Internet without leaving a trace. Companies that sell advertisements online - including Microsoft - can electronically gather tidbits about Web surfers' habits, and then use that information to help decide what kinds of ads to show. However, in the newest "beta" test version of Microsoft's forthcoming Internet Explorer 8, which was made available Wednesday, a mode called InPrivateBrowsing lets users surf without having a list of sites they visit get stored on their computers.

Researchers create new system to address phishing fraud

Related stories:

News discussion: