lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <001d01c9ca07$95374920$bfa5db60$@net>
Date: Thu, 30 Apr 2009 22:50:26 -0400
From: "WebAppSec" <webappsec@...hnicalinfo.net>
To: <bugtraq@...urityfocus.com>
Subject: New WebApp security paper: Anti-fraud Image Solutions

WebAppSec gurus,

I recently had some time on my hands to write up a whitepaper covering a
topic that I've been repeatedly queried about over the years - how can you
tell which person "stole" a copy of your Web application content and used it
to build a phishing or fraud site?

It's not a particularly easy question to answer, but there are a number of
things that can be done to help this identification task. One useful
component of that identification process is the embedding of unique tagging
information within the content of the application. This process, referred to
as Distribution Tracing, can be applied to the images used to construct the
Web site.

The paper "Anti-fraud Image Solutions" is now available on my Web site -
http://www.technicalinfo.net/papers/AntiFraudImageSolutions.html

...and there's a blog on the topic over at -
http://technicalinfodotnet.blogspot.com/2009/04/who-cloned-web-site-heres-ho
w-to-tell.html

Hope the paper proves insightful for some of you having to advise your
customers directly. I'll offer a beer at BlackHat Las Vegas this year to the
first person to name 3 large international banks that already use this
tracing process, and the algorithm they went with :-)

Cheers,

Gunter Ollmann

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ